This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 17:23:17 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum f2ff542c7168bcae38ca747169ddd0649ae44fe7 * md5sum eaa3406a0f096feeb7d22639bbc2a133 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM8P9AAoJEIXCXpWhbrlNi3EH/A+uVtv0gO8Jc7XUaPAbNvxc krIqnlWN5juGHWbFUJ09T23YdpkH4tWvIZHxj3tkD0hzDQYVroIJhHwaEfexhvZ7 gBNQ+xCB2lC2VK1+kUQaznTG/qI3J1Mu4PkET/HisRXm7CNTUGGP/lZgLLKCzGef 2uoQEOC33DOnlXXW4DVYOWHAFdD46RheT6T9SYtsMG3Rcmaw0JIKLZT4pOhcHCCN cbZkjgf9ptEv0WetSG5+M2pw0Vk4G9Jix7wErYsKB/r/vD0bYT6+gpUVpaoy92Fr 0POyFHH5Z8xDjRM43m9dXl5NJiVf3VfKjtzMbGJ5OZ6OKIHw580qn+Uo9mgBq9U= =KYUn -----END PGP SIGNATURE-----