This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-asp-net-apache-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 17:13:05 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1fcb2d26a2fbf94a5fee6f5b1ef3414a2ee91d4c * md5sum 026140fbd109b288e39db049d361db95 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXCYWAAoJEIXCXpWhbrlNbjUIAL1dfrVPRc+MMkrkjqsNOdoY zSYSL6uXyBaiMr7AJ6uwkNQR+QoVrhXTxE+R1rNCR4xH+q4t67OY8gC8tPjAVk5j Q026Sp4munMXBbRAKHw7dCSbePcgUaZwoUsZvwxJUdO0KXAQfva0AAM8lGA26l5k 1mTlH7W9ryO4amgEw+qS7kv0iQuLaDrj885c0IY/x4x16q7fZIcjM7jImC28Rjnv uAJIgkfxnX4Jcn0U1WjjQ2jUUw45I+3YB8PutBJCY0OL7adFXiKezVqcfClGJDXw r/zw0RBhZMm+WwWFXioLdQ75WNjoZhIHi1zxyXepfcwuRL/YVfyhMcil8XmTE2A= =oXYL -----END PGP SIGNATURE-----