This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simplemachines-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 16:09:48 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum cf8e91982b08b37d34d587fecb15d41830bb37ad * md5sum 23e6f640f84d3cdb1b4e2f5c17df1e29 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhFEAAoJEIXCXpWhbrlNWxQH/i1Bw1VDge5IFLIvZcpvm/Ws 71yR/dpkiNU5RR9+hmaM1r+ZlwqNw1CB7T+t5WDnmoS7dV3pF7Wv8H7Ex7fR0/f3 aAaGTGWym8frdK6co7fw616Oqz0DApvmGa/aOlAP9bCEyMlHGWrJUWSNmW9XHHMk 5cahnjbicasZbxvHG0Vcv7mYQ2KwVC/3kp+3jNxRsAPxc4NvQwYd9NGqF9rNXRmh Io7a7X3/zHAIJb2KCQmpE5dBYVF0EiMegEsH3qyyTU8VIFuz2fazH9i9w9v3App4 YQijv5RDSbzCBhQrt33AO69EteR2wLAksxBK1ZlxCet7OFj8Hr40VD/oTxumwRw= =DbU5 -----END PGP SIGNATURE-----