This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-12.1-squeeze-amd64.iso.sig gpg: Signature made Wed May 1 13:48:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 803f4b34e35c26489a9d71feb925107cfe50f6ee * md5sum ab416c079aea02e9cf80e1d356f46e63 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRgR0jAAoJEIXCXpWhbrlNbV0IAKoIPBWt7xxndHVqk0xSUVNa Uylydl/6cHRawAfH6P7Sg7xqTdpiWuBcX7nN1dMmWWBW9B8FTjruWs+zZFGcgBkF 9Ajfguy/C8aMo+29mZYC5EgeBbAfebiiM0WNVdSvyX4O0K19QAJnNMl7LZLSLG+P OhIs+9aDhWREohN2m1/Bu32e24ZGAauJpo2/glhcowPSv+O2az44GmqPH8hi2cbJ acj9QIt+2qdnA0k97bocAM9dczrDrxURXnF5fg8Mu2vfM140shqJLzs++os4g6hZ ovJPaNr6zBqZ2Xnk/1J9FgOu8neJwaA8RNiznKfui9YNxqAk1efv5VfwzkINK1g= =V+eX -----END PGP SIGNATURE-----