This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-magento-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 14:33:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d209aafd4d7ad381ac53a42dee8264e3bf96e23f * md5sum 5c48746c0119929e208f499a83f97654 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfqZAAoJEIXCXpWhbrlNgggH/1y/ldeVLPKiYpQVSuTOgEkN V2iFvQgASkNHbn7Y+AMFiJ1Y1XjhP2+aH3m/CaFL2N/OTm2WrtLe5xYvaW53L53a DRIJ0zlEbEZCF7g5r8BrMMNMPlUpbCrTrIJ2WHOELsvbz6+fb0ZM0skvI9OjrbQL YRFJAck2D+FQgcEYNsdG0z1t0Ll3x4sVnjAAyuf5Uwm/673tw84YF8jikEWef8X9 +vIh0G6Sr0CRc7WYWxaIjfeIJcmwRikjDvpovL0f4Ml6+sHR71EOH9DBkXGx8FxN +R/OQIvSg8Ywi8OOpEq7jYDZM+Vo269Jzn9V5Idb3s2xqsMBjrFR1qT5l0aFYxs= =khfX -----END PGP SIGNATURE-----