This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-yiiframework-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 18:22:08 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 80047eebbf2342737457dbde8a2dd9e0c09d962b * md5sum f08ba80d07a6bcea13c6107caa6b4677 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL91GAAoJEIXCXpWhbrlNetMH/0VwH94G8hytr70e/VniPJz3 o6ek4fkp8P8rh3OFU7eafdC2Q56hA05RgqPs2ARVURxZ9mCQ5n+Xj1yB/19kC5PU rFVyVCsHknukD897qe8N9/rrAFPhJ3i4cQg6/ZAm8pVcv3jaLaYfy42h+E9zB7Aq 1wOOKirbHEkGs+z4hqVGQIa7FeZI8QHHNAq/bgw0XPPs6jI6zwmGm4fE/AzkBQLk ZoTd675Nn33AdSWzKgqIJG1g/frDCXjO/fU0Hp+428tb3xXfegHLCbRPZIMIr0Qf JN8P7O1f11dpgR35LB1fu2j7yOBJgf2H+gCt3ZAxLnz0I7z9MBXCakclge3Lj+8= =4Z34 -----END PGP SIGNATURE-----