This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-gitlab_12.1-1_amd64.tar.gz.sig gpg: Signature made Tue Jun 4 13:54:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5d6387762816d5e8b774ca2df8c3f62a22b90cac * md5sum c44201b298bec056a5d3703040b5e4bc You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfFwAAoJEIXCXpWhbrlNN5EH/A7Uq3s6YWodoOn+qCAquJBf NXenSytxqs6BiAxCTiyK2l3Icuazcsur1rUExagKauu+9XU2G7g2j4z0z4C90qRp C3H4frDfPcMnCiRwrCRcu4YEe7iMfYUtskDx9nHrVecWh1cRdN4EZ9WyKzTtfOIE iu8EFZ5/UAFSOVi+eBTntbbO6KN/bEdireFrzwlV/7pUmKqo66u8hNuhsUHYmDG5 j9BZI/OLbX01nY+CN145Asc6cJICVmZWUi+JLA1K+lZYYqzI/HROlWb0YXuEF/H9 YK6IiNrqpo5XBKTivjNCg85Ge1hS+FqNvRx1NGf1wtJgI+0ciBq8SOFZYwcF7JE= =ekuG -----END PGP SIGNATURE-----