This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal7-13.0rc3-wheezy-amd64.iso.sig gpg: Signature made Fri Sep 13 07:52:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 13981b809515294e6283d232e69203d09d448b9f * md5sum 171a2da5d04eed962dd73aa51464bd1b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSMsQaAAoJEIXCXpWhbrlNw9EIAM19P0bShNHMaFoPa02G/D4g Dw9hcgz6nWGTlFYHT63aqxNJyXt4OwKIEHMEXEIkIp1UNNwDFERkUIeDFQw7ZrBP XU4gMaUlltJDwor+qza6z6lpkimw8L0dIo72K+z6ckBRwiKFixje3mNSPyO9Ze3v AE+YRdUgQIheaCCO/AQ3XqHZ8IwgSVh5oK182fz7c7FUFh/aIBiI/3HkFULgDLZY OUcfrCaWgaafskLMtB89WmsbLRpwFJp5pV5ow/XIrqCqORGasVcpeMW7ZozltR0r 4V12kLsoxV1e6nm2ZIWgAfk/UwbZpI0vI/xt4AESPLosc+r5rNjgO06DyMVWVZE= =8pRY -----END PGP SIGNATURE-----