This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-13.0rc3-wheezy-amd64.iso.sig gpg: Signature made Fri Sep 13 09:21:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ac4ee779a7b709af962481e60ab5c23e4140e2df * md5sum 02ca2b805486129922f0ca819a1285b5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSMtkWAAoJEIXCXpWhbrlNfm0H/juPO4gEsJPDGw7SWIbrI9zr Eygi366tcoJqhyjcjtWrZ+wiEra1nQpk7x/OTo5FuxWxctJvuyHqzYovHuWuWWRh 7KiTVRohNTHBYatZCa7AfjVDRWDiir5aKitROSLTVdD8eeSJt2KuYfB3COBBIypC HVMnsmsHatpNH7uYimTo1rZ56b5vs+oW81uXWE+4+lgIMdctxfq8SOrkQL70YuEa wtcFaCi6NQltIvdaSw5cWwWewY6ThOI5iYRrS9TSGaXhqXK1Es2F+2IJ6N9b5hFw 3nMJgNAQzMXK7wjOgMUuD1VWLdlm4lcvjaGrP3NKYpCIFdbH1f6YVtantZneamw= =Q0q4 -----END PGP SIGNATURE-----