This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phplist-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 16:06:48 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5f5ec0c099e997044b7202220c6895f335c5cafe * md5sum 4741898bfb844e8e7e5233201d1b8ab5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWgPAAoJEIXCXpWhbrlNBHkIAI8v+VFIO4AzhvNPZMWqkwd7 IJAG8lQOMvqnF1JIS9pkuGnRRXpRjn+KQejGxolA+fXhD7rY8z51K+wI4mz4bC9T N3KVMRy0tUsO2Ex/iHtpaOi3o4SrxdDoU8O85lXMxlZy1LV4BHQZz4fcCaiV24z+ dM62dgf0CZD2RivlOdQTvEGrSrg74V9+YqYjoANCgsdmiv73DB6cCZ8oC4BBlHIO 4bpCWv6d+QuDZESR/7TM35VJf9lnGuIdUHONYKAxb9Q5Dg9rfu8k8ipg4l4lJ/I8 gsmxbyriwwOqe27ODNdbnffqm1ZcvYo03QzHmZTsZdoGws9rqEuwTae0sxoUhMU= =NPo1 -----END PGP SIGNATURE-----