This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-13.0-wheezy-amd64.iso.sig gpg: Signature made Wed Oct 16 07:18:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c74cd989a3df296d826fa16fc129887907086f72 * md5sum c47fbf7a1f2b10be6252e272fd47356d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXj2cAAoJEIXCXpWhbrlN/SoH/RF1mDr44iISN++GS15gmZ3w PCdaCPfzRkmvka8XX0TX9bVaCEdqMMMM0ICB7ixyCrpQwNRBbNWBVl731QI/ob7Q 9ZJvrV+0hY4wq5mylzhj1TQ6GpF375chFY+oEUZyFJE6RHbT5w5dLhrUIKdYA5wM MXszcCZLSs9FEdGu8R8sHEHTNNR13lJWZ1S1gMiqZsr3kavySHAgjEfCr1RXubhI FUT97TFCbFgyftwjkYihvRNMfzB64sKTIOfxr8jTWN9XxrPVe4jrJMXekMVYbpPv tuIDhSNgnhUZoYEAcrKc4/Ul4p+WarJtQ93ij87zttp8AS8gNx9xqjMoBbh31qk= =Z53F -----END PGP SIGNATURE-----