This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-e107-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 17:28:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d416c9af9fd5b1f71c08b891f23e7062d1595cec * md5sum d75fd0be9d5e265cb98d2fecc732435e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXCnMAAoJEIXCXpWhbrlNmCsH/iZXVrkpjKCqNFAj3EM6Ro36 oKEDkmZJOcrOW2qATx/ejwULHdQLQBbXr91ElGRGoCwgBwnD3KYyh/EdKY/ExwX5 9C4H4ARcRRETtuBiz+qXVo0SJwss2iUFjG0WgbxfyYzLl1IJqOlLGejhjUkq27jC MAP8T2sRkfLDbUyhWn1WtFFEKwxaVrGL233g1UFddSMx4NIcGNAVoRV4iZLOlTlx F4rM3tkiUWU83eSxJXVxHvbzVx8tH1KZwKqSJ/ZPbKf6NZ2iCDAYVkChzcUqhFvm W3DqrGDayQ32hr+t1isRH+rRvZlgJxw6Y5HyGKWGdZJ4vDuCk2z4osPEbSTIy54= =SiZT -----END PGP SIGNATURE-----