This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 21:32:33 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d3cb023b11c6d783ef802da2fafe10ec6b20aaa8 * md5sum 379145c43ba79914ca6c854c0cfe82c1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlzmAAoJEIXCXpWhbrlNAQ4H/1y7c12P74TPBzVVVB/KPkuL n8Ka7SbtKXd1yASqcfQKcw2LA47Cmn3hIHxAbJ8K+XlIbTA2iX9B/opNQIXPDbZ/ Jnv6wVgmkscAQagWl1QytfDs4rk05ZeJaw2Fh+29HVpIG7AcbRTUDh+JF3PS++CR N+ILN/62MRfMB3+JlqxK3de5+lpBshy/dSY94k8sWsQXuhZvVGejN44UNEMW25yK SDUSDNmFUu0r76uOI6VGs+fPlcRyXH7wbM6lKdDXmQwiqoDbu0KtUqajBNLtux+M PWGMn1dM9/SC+3uBisEsVfhTuyMZ0ijI+LUqG8X+/lvCBW3RSbD8fHvxuiOzKKo= =E/ZE -----END PGP SIGNATURE-----