This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-yiiframework-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:48:31 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d939f468f444025af467eda3e1366679e14a6f8b * md5sum c2ffd1604f893008fcc9ff6bd2025984 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3joAAoJEIXCXpWhbrlNVgQH/14h7dTXwMdF3eYQE2CAKZ2Z lajwDPKe1m05MzQQb9nW373DzJMXLDbld2sZnqzEwzKGjij9sxZTQWGISQCbTPTV 6ZoRCfswj9ix9HcdCslw4MKLDbDIqhTgq811NYX3Y7o3Gb7ltpGemxDAHVa8eFUY W/rqIiEc2Zb1jXIMo3TjB1lFAUXUHm9rxvf3OSspGHmhfHqgF3o2AGcultadjGSw wXvM50GCaMHG6Jswy8Gpmvr+gaTGHw9BsJSavnO54bumJh9vLc2LqeW4sS7Sjaah lREcGzysWLGm+/FugUWpjwPuNdEUTusIIijf9nfpY1KnN+8gnCGrF9a5s03MjYE= =5/Bd -----END PGP SIGNATURE-----