This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-icescrum-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 08:05:31 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4e113fed4adbdf746563ba5b1308639e8f1b4f12 * md5sum 85cddb4df3b116b8d9200698dd3cf9e7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAf+5AAoJEIXCXpWhbrlNjMcIAN1mkGhBTJUOVNYx6vfBdxpP 535GSUNOG+VlFWP4QLK5pGwKnPfZRb4IdObQy/wC1Y3uN+hxuInh7xfloRhVym8Q ztPPhvPzx09w66SUqBXSJFQNDtXcuZu2B6I/B4UbXEZkB0VCqDgbwXOVtY4UFLwL Hjkc48TJE4tNQReYue7aXH/U5SCJoUfCVanvf+0QSUkHw6P1cxuhPLnpXqxRl0cC m4Np5xMfxmPNCcEOyfh1+SWZI40rTpLdS9+II3sI/rb5vt/1yzl9K5YHMirL4MlK 4MX2BjIpPlHNimI+wGPLMPh0gpCOIRCpF0oejQuxCFzf1hKTAxUzQz9ws8UU8v4= =K3qf -----END PGP SIGNATURE-----