This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-joomla25_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 16:16:52 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2dd72ffbd234461a59d3302ba606f59b69a445a6 * md5sum 87b466fd7efe57241abe90a7c736c662 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWpsAAoJEIXCXpWhbrlN2+8H/igqU4+heOstORyftzNxars8 UAkXjYLoUp0gWDNsILIq874Pa+5iPb1EdUewG7lAcs9n6QHN7Ff44DBk/onmtZPk 0ltRPXDT4tw1JjlMhxtuAjq59yklaPSysOhNj2k8i2NTP3MiB5mbM7CJlmLpKHEd A0EeDy5kfdyB5u7C1eP5q4pFZk8Dtzg7S1fYm/KXoAyb0ey57TX0VY1SVBEx2CbV zzBXHPScBFamxHU/IFhdmajE5b5VHXIGvjbVZvT3uvzNnKQ6EMqTNS+3WOUDA/C0 uF1aOXEtGjanY0frN9XJohzKatEyIviuCtLVeig/Mnn+ONV72zbJyrCImdT+t8Q= =ynJJ -----END PGP SIGNATURE-----