This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-magento_12.1-1_amd64.tar.gz.sig gpg: Signature made Tue Jun 4 14:16:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3e8a4018d2eabc6be08e3ec13e2fb476b91700b8 * md5sum 77cc90c2f771289b790b6abf907a8159 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfanAAoJEIXCXpWhbrlNRAEH/j/ds4isJ4WglwT7AJPzT0sU jKZzXv3+hTzFsE5kAnIcwlYUKBAAZF9lbJ360LEyyuTbconXbVNgyQIO6MOKZP1e c5duKRtOzIbrsmwgNE+NS31TFB1BXaRvsUZv7RQjbM9vEhGjwugJmAoeklkItuVj uyF93v9vo36K0fA1wFJ8tZmeNI4Q4cEDWy2mpG3zKbNhXmqxK6jfvJ3F8gsiFcek ZYHFWCnP+LB1zqFEs9AfsvzI9GU9hdsp+vtIkenv6uFVX9lVzu5Ck29gs5DI0tuD L61ewgGUQjxUXhdOaGcZSGtxQ5eikd7ZKi3bbqN/MaCtxbjHwg9kWCVlaCxlK7g= =4BOI -----END PGP SIGNATURE-----