This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-zencart-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 19:46:33 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 04b9e43e67c3745b622235afdfd2c26488346f07 * md5sum 2389559c926b06c34dab917766491063 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXEoQAAoJEIXCXpWhbrlNZBAH/2W+eVk8g4BIA78d0gtEFdhl xDYFVakzacvvwOhGSROm5WADx9oqZUAxCd6PpKX6BLyPGLSfJ/YxI5QSxbeZBmF7 4hv/DpUuc0mzTaywvQmovMeEUi0ATE4dQQZYBASuRQJd7SALv25iSbTHHDCbOhAX LvAeSdFMzs2DeOIviaGgyJ2mYlICmUyZkD8bf84ZMfu24k/5Hb/I5AWMJ36b0UAc YhvB4XIYJEYzYDHhxDTl9VHyvczWKEaIK5efcr0o1xs45cvDfk2eynTapGYCVuCe 15Uu/fhecCovEzQKIUcUEMM0dNE3JUMLfaZDOksjtq5xkpNoRWcyTgmskQN5n+s= =TSRz -----END PGP SIGNATURE-----