This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-canvas_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 15:14:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d004eddb1ca10ad9eac7e69bb7511615a87cf030 * md5sum 9b9650bff096b239f79900609d8674df You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXVu0AAoJEIXCXpWhbrlNE+UIAOVLW0VY/ScX2Zcau7HuMDAV mQpK6S+ltl31765zqRI0WVD90q/fe91v5YNXXIX2H4cRRrnKIkOIMXKYLqjcx+g0 wMbInZZyEaBcCHcFJWwmwtocm+UG+iJtFykRpxPGV7eJjiN5jF7sGD9pCAAgm+6B Ir96KWtzJj6FDPUsdOt9M6l2dcxtNjfWa+jTfL/R9hOBcBbKck2LbusOA2Y9nkmq TEoUq6hUuf4aFJNy2+58G8XjMJMGDozYVjJf+irdZPpdh0zEHPqbGo7CcgDfY+Ai Qe6Ivxm/MscsYEPDcx4v3QI3UNtFDJGGScRefvJQyb8huVKiEC4p19Y9Zl0mWic= =2aeQ -----END PGP SIGNATURE-----