This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-django-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 20:49:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e8286e567978d72b88bac42509aaa4546ba7bc8f * md5sum 91a727797b1ab37643052828a08ee7c1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlLUAAoJEIXCXpWhbrlNaSgH/jp6stplU2xT7Hy8EEeesfqB 400QpUJsD9h4J5NiI6fNsUAvUhW9fVPA6NW4hy9Onn+pi/87kzRZ14ECe7hRjvC6 Ix84+0P3QDNLX6/r8HOqHpSa/huzL9EqGgHp+m4ZJCGennlmUCLSWfii32NayaZi sLKUl9E+uAOuZiW3qaQJ9NOV0LKiZKgUQVWDMuNblRImAwIjKdcYekVCx257Oytq SV9lbe00+EDMTpqrnMphMvfkOXRmYN5N3qCRw5apXPNAJxn5C6tk3n2PK0DkXQAR c+rnv4gZIFIE9rwTUUdX10+WsNSNPSxDdKMhUF6CK9Iaoqm9PHBMho217I9oWbk= =A0pB -----END PGP SIGNATURE-----