This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-orangehrm-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 18:26:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3f4bf21cc8136f7085904a970250fa34762d9da1 * md5sum c290d9d02959538013ee51f15226ee22 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXDdNAAoJEIXCXpWhbrlN8CwH/2fjxbTwVIhx/xtFC+x7GYKZ hQfOA9ALinEmcqB8T4idD2wPMTve49l5+kxQXOBIH/iNgqhi1A37upYeDWxalZJ1 uKsSc0atW5St69HTjODxBpCRNd6TSFIdLKT+ZKHO75IvxczwgLWwqlNoPhd39oVQ 673ptPEb5vsSxLsmr1imSNTXdeCOGY1zF1sGKgG3gVvb1SKzm6MwPvFMFXMMZxl3 OPu4LNjJyyrcNLmVs35wlBoaAhxIolx22fGgr6+eCRoMhvWSNP1p3VYT+3mJX0vT U8MBQMuVWAxkD9SP0qXLK2VfDPVtCZu3GdwVTW4/DdRYOiGK3mf/T7XuyeekOoI= =Mixe -----END PGP SIGNATURE-----