This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 16:02:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 94d81652f00429e10a015e399e43e0c422b09c3d * md5sum 43c376e1229e3e0b3d2946ee57beb154 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrg9zAAoJEIXCXpWhbrlNil0IAMngekhh52C6dvo3S2d9orak 0lwMYgzocmMIP38oaW2i9YVXGDWF5zyiRcU6GPnVHZOWTVOmd/TSYIRCD+v//yrv hY3bD4DMOWT7bbZhKcfe/hZYvACWrHelD03WJ1FvqLes9cU1mLJVEAtCyIqFl1vd Ikwn9wmM94PxQd+G7aIMiKlUb3Nv/aixmyxCfHgCRHmTiRBATy76eBETIrUIOcCa Qd9hORkf0Hdw5JNSxHkbuikIxA+L4bEP2tMVPZkj8RORy1Ia2XEyI4DrgvKLuk6C r0BzhodQFGWdiWkUSGzsa7J2j4Gv7/D6dR58J5jFULqaqUTT2dce8ITifp2PmJk= =XeCW -----END PGP SIGNATURE-----