This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-codeigniter-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 08:51:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 957ed068666f3a3c6978d489bdea2c26929edf39 * md5sum d83c9a04ec5729afee1f631e5c9bc635 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc2t5AAoJEIXCXpWhbrlNBckH/RVpcyzKsCrlmdvqUHU0B2wX eB0FM1LeS5ahtN4pxFYp79c+5F0lFB+Q5vYZ/MRAVnH0UWU4n2irPvaVta9vnek9 8ClGS99cHhf0krUMpdWLPeV55mRMXG4jV7xWcpTENQ+cXBmETqN1gLjOlqM22iUv 6SciFdzZ5OkS+6z8oW+9fwQsrF9khu9KQRfhGdpHD4pJ+vRPzNNIjW5kJWn4d+4C TMRHOGqbnrciNZTx3uUuzMEO9juyOZQg2tNWcWJpW24CtWpe6b0yiw8K3p5BTtC1 M6ijvF3u/3pmrK0SFN6MVy/HWz9GWCwYFkaw4mDhyIpyTp7doh0j4xZWzceC2p4= =CoWg -----END PGP SIGNATURE-----