This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomatocart-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 14:08:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c7ac1d621989bbf31ceef61069a109d1c46414bc * md5sum 709d46141e616121162310357eb01674 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRb/5tAAoJEIXCXpWhbrlNZaoIAI6DRSRjQptf5eNdg0AZ0T6c EqZk6jTQr19dmgel28DA+Dmz2WcqCh5vnVqFWa+HsHmYBUFPx8DoAuQxfS7EzWah iZdlSZeKUW6Vx39GG+mkkwt2EjoNsnsRT6BCw/SXz0dAPIJqscbvdQlIHMuXR/07 a/KjbsyQIRW21A6Kb5KB0QExgfDqMy+aY2hVkeHNXwLuWqIfbJZ89YIAm2emNGJA J8JveUY7uc5GrAf45jNR3orMAwH41yLA7XVj1C1obKY3iG1WP/bVLd8rI90hptwK voVK4O1JuV/+z+rQU7QLMLNhSNWAH4vU+fgruLTNa+lDwlaf4F58s00PU02oFvY= =ipy3 -----END PGP SIGNATURE-----