This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 07:55:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4129a300430a94cf4e382ef23470348fc20897b8 * md5sum 2cc532c726b28f3f3736a25661519015 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAf1NAAoJEIXCXpWhbrlNFecH/0XCXw0hdQkQ2ZLu7iVrqpT+ lE3bvi+RBR7+RDhMDe9LrKtTmUWXLzqGWepUxCO65EKkrD8gmE7r5ysmgnVZXXB3 Y9CSLDwnJmz66gACJb/JFC9G5DxCuKRGp/MMKWg75TW1jswQ6Ew7Jw0zOIsVVsTz Du3mo27mumHOvmrQgdcr8L46xdmRdkf5rEy5rVaZk6lWyhTH59d7An/aXCxrzq5c Iw1xYLTnG00mNeI+pElWNQoFddTWp4VVsXQfIDR8ySQlr1JBDifFM7Huimx7AayK UBdGybfWa1hMWdKrFwxN/FAlri/+vxtMQYrWGFDOHQe83ugGSnYhIhxFuFHhm0k= =h3We -----END PGP SIGNATURE-----