This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lapp-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 12:57:44 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4a732a7fecf5a8dedad5d4b3b7ad5d84ac2f6736 * md5sum 4e58c19124961c2d6b1032ef90dca3f8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRb+2/AAoJEIXCXpWhbrlNjK8IAK3c3sDGc83Bdcx7X3Jo2icu zB4IPHLT3RYheqM3AC5PMQzHvQK9i++8gPR7jA9UypIqkqSR8mdTgUz0NXAQv5zV L87go6IfmKQtBQtmLdSGYphnO9bWbvBCKB5xZU7jSVIw8l3t4ewWcBAB3WyLLyR0 0JlVOvHbRXrvwoFmqhxB0L6EfWV+Sj/gl3if5+RRuL6cO/ZSM278z39A6J5zkz40 /TIC6/hdiLzjjOJhbS/8HgHmq7BZQbZNKwGPSb7ZX9PHEbvVJkZRDY2/3sTm7ApS gmNg/suSOGnKq1kfYw6byJVvqcVXMaag5K7Xa89sbZEHSlhc6NvZHmenDDystkY= =HHXV -----END PGP SIGNATURE-----