This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:20:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f472eae9864e9ff379c05d8f03db2d1051b36ee0 * md5sum 9b46d02b660505248bb83ae9a983764b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3JjAAoJEIXCXpWhbrlN8LAIAKtSjto+WA0nWElJPRhajOjD HmkANOJPbk0cGCZNN0wdMHSWHGomNrBgQ9WXoHKM9GF/9+fk7R/cTVQvMauNXgF4 SDqcWw8MOQdZsJo6t7s+jJUqWZ9D4HaXdASDgtcriIuLFp6SUAVTdXHOZx0VkWgN CzuGF/OgtCEfMTO4j75TkgaBPu6dKYkGs6H8rEpYdxvN+oWwW5bUak5K6zGPsFOO 3o+CIiPzAq3EiiWTTaBmv1btz833Kgj5z3MluwyqNHdl4A6yVogj2y/KOPMEnof0 Q82Xatm3aRYeBowT8/ycsp99e7OZK69JlmzhpaN7gBZDW+BjwBnUA+eiII4puiY= =iylE -----END PGP SIGNATURE-----