This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-orangehrm-12.1-squeeze-amd64.iso.sig gpg: Signature made Wed May 1 13:13:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 703738d9dea05c46912a953c7f1c8314f6e7ff5f * md5sum 40ac49aaff1b9c2907a489e7fd2a7aac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRgRTwAAoJEIXCXpWhbrlNqskH/jUBQVgY6NAGt6r8D/g1Kpgi lvZ20hUdi+LIiPoA93Q/aBQ3fvJ41hJqQmuQHyJSHVcg3aXFU8Hk/zDvYxhBqmhK CLeBX7pdsHuoqVGbR4baE0dq19HR07jTg4bEJIVuB/taZMS2VWToZZ3y+hYbfR8w eZugmQOyRToAMPKClLu/v9EpO6/POKc9TQqniWUj+sJ27fU9+80AVqFfXyGsnwMv UW/7ouY4LzWLI2ZtLaZyqSO5UrTMh7KhgLdZA9bzh19QG0JSCpDdViv1zTRZ3NPz pt3iSWE34DyQQ27+2/22c1cGhWt+aHjUot8UzYT/w/n7XMcld3rInfhsU+m5QCk= =FKVZ -----END PGP SIGNATURE-----