This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-cakephp-12.1-squeeze-amd64.iso.sig gpg: Signature made Wed May 1 12:12:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5cd851f913c9ab8b3789b00b77c3ab13c5ce3be2 * md5sum a321ebbf1f0355d687b6eee37871f7ef You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRgQaSAAoJEIXCXpWhbrlN8l0H/jdbTaRZmhwgHXwuouIhiEKL ACBm2Ncnq4D6jd7UWl6IMhz9h7vMQ6DL/YFZUH5udYv+8rqwFFgnJfi8erQ7rIIh Gz5ILZaQ0ZG53a56DI1kuhz6xdBuX9pdJCALmTS+8x0fMaUCD0TzbELyZtD5NTsI DpRGKkZU67c3PiYnaww+aVKl/xQOncJgfjUTN6cD0Zo3z6Aq3vYSlHPidcmFWMAD 9F2fD+oTI7H0TGTE5HM8AlUq6GOwjbMXS6M+gUelhtxkuU4v4TfgzNC+HSNjLOAh jYSn0TQJsTUAssBQSbHO3efGbXIT7J1yALWh6dM+iEGz+UZ0nbkg3JrrWevgEVc= =Pjpf -----END PGP SIGNATURE-----