This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-zencart_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 20:32:00 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2047d9f91f457c1001d5399fbb970008a1be03bf * md5sum 69ffeefe472c55561704517f35067595 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaY6AAoJEIXCXpWhbrlNmK8IANXHG/BMSMnwACDg//r4+aLe y2XvRJ4os8SpT8kAEfgkHhneSK+FR5NfWLjoEzjlPRluc/mRTd8+XzVU3WCzkdi+ 5bsJNDUIdLd8jz16qPdog4UJb/Ngoc7fdRBzDDZtdg4RjGlk5GlhndnHsPpIhb4N cryAQupB3boHPsblN0yvuNQGK25PLGjE+xwrF1xII2JBJeCYnWleQyBS5dTD58C/ 9QxYn4kCVHJbx4K8q0ji1n+Q1rz5TVP3oVnNZx6I8wGi6S7i86R0Tn7jvzcm2jWc v8xIxNFrIKOUNRBYP9kMgAYPKT/SK4wYUvc3kmyjUpzfYjOVu499GvlksLq3pzk= =fqop -----END PGP SIGNATURE-----