This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phpnuke-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:31:37 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8657b2b5985ce112144e986198f095cde65e459a * md5sum 99190cb55e933229d2652be8084fd716 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3TxAAoJEIXCXpWhbrlN7H4IAJbLhfJMaAJ/Iej/VXxypKSI 5xM4iRN2mN3xFaBo8PCogi5I2sf5URvYEW5/AvE9zbDpiHBUQv2w+BmtfP8Ymqwu wClvCudEBt76xX9vegfdcE8FsuWvElr4mDE3+8n7nO9nbD0N2CSBdEpVE8vkVSq1 AQbweqQfep/Ksij7jPbd8P7sMpUMlmmcFJ6glxIFG8aWqX6KwL2LBDT8+vxFo+j8 4rpDzkxfWi9oZmqzhnc7CWBXOWnZx+iaI5Esf8cte8QReiDgeMeAwfQqOAESIV2J afDzkJTiQB13tMH6gALYkKQhDgj9iDnJaU2UIxxB95tGEkgnR0/uqaTEXHaJmlA= =UqR4 -----END PGP SIGNATURE-----