This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-piwik-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 15:31:19 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9e6a64b6fbcc8706224a0f51c96a7a90cdb93e7c * md5sum 2cc5c6b74f53c13fc35f4a3ecedf932c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRcBG9AAoJEIXCXpWhbrlN814H/0aL3BWYrc2ihHNx5NLe4j2O Ty220RU2KnxAVWr6EC4wtveaDQrHj57VOZ88hmpcRFrUt7zyuJt5uShgLtsv4IQI pLS8uPMcyvVuVWgxV3hxhDJdNm1y0GrNurqYcSUGjr6l0MDQTa9NDeZ16kOdSHWJ 4ZMv11HmsKk4cEnmT/+KfsqB7jUd6Yb5spG3nFdR/9i5bankKtVlhYXC0GB2Y0jv 6CIs579xBtH+VtLT2pk4BMbNOznSU/22OCsY4oIDTkjkwUw+Wf7VKmav+I8C9Wmz 24NI7bmE1yX1BWnBgFJDKUUkKqD456eOOZuFgWYweXDSOeDUraqEL5nA49F+3rQ= =MQ5P -----END PGP SIGNATURE-----