This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 08:19:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9e1f92ecf800d99d600bbe184630ad3cfb72d766 * md5sum 0a22ddb5ac013031cdf93da4e6bae545 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAgLuAAoJEIXCXpWhbrlNHi8H/2dvB5aYMhBcY+f6OVDTvmYU 07P/+HSPASOdLZhMdoKVNYzQeFAQmEIcHSeBShOzWRSsdn5f0dB4TNkVohevxraC 7StYzRtWOG6mgGFAltRZKQ03Wwi6af6EpIvRILq5g7BT2RWuxXlVwCsGcQRnN06y Hs3/hPUjuFgxc4nGZr3XOKxyllaXjA8GmIQe2OJ+58MxQFBrYfQZQGB+8ZJslhNE +I/ycPgUBbQ1nyVcJHlL8C81M2mGib46eTS9cKB0Kc7H6g534Rn1rko+sV+RAq1f Q/GWM9Oq2Z05xOGyI65FYmdKzj8uJKqQXYJjajqtxaq7Rv1og6g2Smir+W5lJLA= =NI3M -----END PGP SIGNATURE-----