This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 16:56:01 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 44b3055ab4abc44e7a2392ebb99357298b3b6da2 * md5sum 7ed2e22d54fb47cea568aa93da12e13a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXOWAAoJEIXCXpWhbrlN7ogH/RQJYmX8tqiFqRKl8LHIYP12 97tAaor+roAmHC5QLguXGQExPoFDgpn3WMcn3oexbdiZDHXPTq6yKfyPnBPSOjFc cnZ9aFFAkeTztt52zsULeGvOISQapgfpckqmtc8NdvSX0NnfchqNmqtqNCIQMM5z wquU7vdaajZIYE/wh5gC5AdguMqU6c91Cuees54NtHGnuLuWKB6qIug1euNx0nOI /DXVmELJN1ODAkPDTVNNSfegoYfQWmLNjYtZljaANCj4XzI1R3bZ+q7MGs9TQpNW NsWHTpYt1HLYjwwLtFQ81mYHHIqOEfhuThiz2BIp+LmLA81TXFSBwvAS7ewQN5g= =BzvV -----END PGP SIGNATURE-----