This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-tomcat-apache_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 10:33:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum debe6702a756af0583fd901f5edf2891de2e4f99 * md5sum 3426220bbdaea2b78502a2a31654385f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmtVAAoJEIXCXpWhbrlNwQkH/0vpEAUsgM4w5eBdqabFFVXI ajej40GrEzokF2VpGpYcAHgYriWLKoJ5/lD5CshntHw9ZX8UJGQLeNhApy8RTB6x rqenAMiasyC4GY4lZy4WtUH8UkSpL+SkCBqbEhpqrocQGLUuxrH/S5bu8khEcmpZ kZ2MkmYOej4Mz7Ywddxg6g0izD+BIaGvgqS/UofKU64YEajtx7KUvUgFw///qZWG peUnyi/NdLe78wsYZLn40x6Pf2rK5JE88oM0x24ZwMcPBYnesK862MYczcjzcyw5 TooA0Nx1PAW9NmekwSW5jSDVdkhl3MvEsAhY8aNTVSpxLvyZbTy9R0PpqChl3G4= =MMXj -----END PGP SIGNATURE-----