This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 16:59:07 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 2b79fd90c3d30db0f136a86bdb0a912c279f409f * md5sum 2642b5f1963e39457b8a9fbffefbde74 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM75SAAoJEIXCXpWhbrlNGLAH/j4XyR/mZ0zGkizaMQb2S86B SFA2SwbYC6tHmZjbBPpj6zGjXeD1YYHtfyA1+tpzvfq+lHzCpL1K9DCyi4lB6061 1dgH8gMqsH9ddHFYZOocy2ACemRNE751crR6DCQcEX3nVFxLR4Jbv4JbSB75T827 oqCmq5CCD3cCedvCnAlNyRpxqIVPX/3z0rqiLu1aNUyWzK5yLY2x6PiDyaTTFJkK joTdJCx3v3nTDxBN4cr3R3VmmYaBDOtU4SapdF250FCYfaQ/3OITbOPfyQBDGR6E gYvSgIAvXvAz6O1UnFa9O9l+5SzgiSZXnnm7fwQ+n592meZ1krm+nGaxFrJqfv0= =CmnO -----END PGP SIGNATURE-----