This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:46:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2782c5e3df907904fc180135ede59c8bd07f83f7 * md5sum cd8ab64ecb2205dafdf5474651ee8971 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3hfAAoJEIXCXpWhbrlNvfMH/R4vnloWEiVgTtDmbFSOcj+R HZ3vsRYFSewcPWCJFNXfzo4puqItbjkVyf2H27cmdMNbx2gXOsHfZfLa3DL/QvBq +APEAJ2u8xd7N3g9GM1uunrrqf50np5uhOFR16Jfrmbl0UxZYQh6FYq2fLGIX9Z8 crzatWH1LE7OC3kIGF1B5VqCrpy5N/jY4XXyfaA0y2sOHZzgWR8aHj2AzosXDR0z VAItkJG1DbqY7wv92KTV7g02c45paSiXR9KlHQp43c7CfXYvfzE49MEh5nIe38XC h5DMzNtXxnKCt0lKVZXEkUAL29UWPxyMAftPY5iBb3yKkTVf2HSgugelowcJqk8= =JUj4 -----END PGP SIGNATURE-----