This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-projectpier-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:38:00 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum eff9370017d30069e0efde40123e372722169393 * md5sum 022df538b48b8d3b57df77568a7307cb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3ZwAAoJEIXCXpWhbrlNmm8H+wXySizGPssq8QHvb3k2M6BR JQpVB6lk06Ai/R8Ap/ttg2sYrH8X6RHKoRasph7Tk1lErMWAe3IvpT72Y22vaU3K K7pgGBOMBFK2BWdSu/znTI4sK9r4FV2KUCOmHEopt8/24DKOMWO/VJHpBfq3ygNE qD6tdQn86Fo5HKkjA8L4mufWdBh+IRDrTzEoaU3vZcpsU0OI9VFh/qCNxkX/dCtx sDl4yk9PgT4u4DXv9/DWB6bpjqzp8y41dxXIQH0z2f9LMNO/aj5GP5BSXbwMiVlY wtcgI4FTKPZHChg1kGfDe32DhExwXR5mmKV94fVmf2uuDsHcgQXgK/aoa+wP7Qo= =GLVi -----END PGP SIGNATURE-----