This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-silverstripe-13.0rc3-wheezy-amd64.iso.sig gpg: Signature made Fri Sep 13 09:19:39 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 866e6ae8873ce57ec4488fb5e21e727474835e19 * md5sum 1882810e7b761508797bac16b4a976a1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSMtihAAoJEIXCXpWhbrlNSGsIAOs3h4oBZly310M1NQu2NT45 NsRpRr2u0zJn8UfDRPvnrcVvucWHnka/Xoji8yYIh2Hm4LFRqanrKHEHregRdNAb wF1h8gIxaAsgvUsohwCUZmztGvSDG5/fMiocWVE6e3/dmX5zjCtCBgxPnFU9o2Eh qrNpLOIQ0e/cRfjqJP0Pb4zDFLP82YSbCYPSIW76i4zhYstxb2e3/kxABcSq/a6w imaHqfcctM6QCjRpN+/qsrun+f/4kQY6E+bNcDfOCWDMAHljxMCseTzVm+ZPXI+s KHobmrppNTMgrOfy2+5cstRebd4tvJsi6LtEmLWcBMIedveeMvcTumUnZR3WBrs= =Zooe -----END PGP SIGNATURE-----