This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lamp-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:44:04 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum d00d4cc6cff91cf7a673b132096238a6564f55d4 * md5sum c0e5e14b656f94e1c5ca826fc3b954af You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6y7AAoJEIXCXpWhbrlNjSYIAJ5fjywOLS0Jn0gnRCYgo7kb fvi/y1xNtrqWCSxu0ts2/z9N8HhdrZtV/Xwqb5YUKmSKuuB1pdHfutGc3yBRVMoA L+aKO5ZCne1okOr90HiPfGmj79Z6p6psoPzQCH9c7lFqZckb0hwKqluitjBh0obh X4Jb73GJ+ny4cRrCWyu9e9JgBG+8yTSDhSl0DjbfkkWSIMIc7Ldf1zw0NFvtlFp3 hx6iPGVG0Yc4+HBreF4jecD3ZolGVC9rxKUb+LvihblQmEIREwrv70bGqgvw4pBA 1sXAUUsKJ6YF+ufY8O204u5+gmQC1uaA4aPVKW+nOXl90jRwb2fzC1Mbp4YVEmg= =sdc5 -----END PGP SIGNATURE-----