This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-moinmoin-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 15:38:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 193598ad341a630ca04dfea836ceaf587d09d6d5 * md5sum 69482bcaf87ede53370498288ea9f854 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWFzAAoJEIXCXpWhbrlNhrEH/0xAY3vAaAvb+IMjlQXvnvMt 9ID77GBsSSvIk2l69tXnu52HeyrH1CWznJxFfYO85S6QlE2XvIGTfcNW5Kio4Z3Q +6+uWrmllUEgg//SJcYHFGRVPzzcV/A6aVcLNcXNGAPItT23XH7CBIDJk4sYA6B2 1/WiuojA0853KtsZy1y7fpcYBERBiASatqL6uUmSQ5M6tMf3pdNzmBS6ADTjn0qM 8TZMY5UPqh3AWwKfSq2k6FijpoCHyPkNaNavd3V9qMzS+akhI1/gKI0sI8DpaEel b1XFvW2mnfvG0LJfjfGrAjFsWYqNU8H49rdfSI3vZKLSMrC9UtxDdxmD9dRpNrE= =rHIy -----END PGP SIGNATURE-----