This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-apache-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Wed Jun 5 01:03:07 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ec09759e194bade62c0bd8dbf14478d6b2b834dd * md5sum f51582928f32e24fd1aecef101b8669e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRro49AAoJEIXCXpWhbrlNSAEH/RMnlUFc4Uijud+cBsLQrCmW j7IJHf/3HPnZDLpuuCwM0dz8kek5hkPQ0oJgeYtd5iOgl5esYN2AWeI5ZJGfKBpW B51pzIYOc4w037YDiLfGCs8n+KlDq2rP57i6shgQSUtbxdBa2VGdoYc0WWazvok6 aLg926MrL+xIiWzdzw1aqGKJUfWRspSHy6XGtidM2c4/S40P1fP3LzOKFG5FncZD pBNJ9jqc34/ChzbtdXV61dYUtGzjRG0Ll+7ejFIdh2ug37wPASl2/CV044+1FX8k JSHGnhQYSXyszrFsDKznfiYi5s5/69jPeQDk+RFWr+Tl/leVkhCI3d39P2IBp5Q= =gufH -----END PGP SIGNATURE-----