This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-tomcat-apache_12.1-1_i386.tar.gz.sig gpg: Signature made Wed Jun 5 00:43:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 35cb157f04f55eacda1120e25b4d3a5b19d9da9c * md5sum adb273ec55cba884625aa4243f49383b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRromYAAoJEIXCXpWhbrlNTkYIAMhWKz9toNa95xsB31+PjqMS +SSzqOQzMmvs9SeC3VXupUA3CkQymq/PsXCJXgEeTYPvtxjmH4lyNxsE70tNQ89b 2kSANSFLL8qKLpN/rcLKwce9pp1TcznauKxCnbeeTZGYRkkypNRAsnQCGRJtzETQ kBu2oXzBCoSvJ5XJAIfAH/vfo0Oo8EkaVZ4C2BAyVetwH103im3ck0TWyurLeS8B AxwHNz4QmwnOviinz6jSUIhoiIqZ4I6EetJB1zEm0sNJnomh/1Fqx7Q3f/PU7nbS iffyGEepHcCXvtlklA0o0pBNxcwaXIFluhX/96Phiv3oD4XDJJWLyCi2hHUBC7g= =LhX6 -----END PGP SIGNATURE-----