This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-13.0rc3-wheezy-amd64.iso.sig gpg: Signature made Fri Sep 13 07:48:51 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f90f7cf1dfbcbc5ffe883c111faa289f848807df * md5sum 0b87dcd8dcdcc55ff301b38ac9eb6d9e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSMsNbAAoJEIXCXpWhbrlNsN4H/1oyLDf4qzhFEPu4axiiaBvL 41Z6aqsEtHToZ2IEN5b9ZFGuabWf6RyazY96XjXw5wIwJrEjA7doNByWPhGH9Jx5 3C8+n6T1hdrQattQmxyqgdApFCpBQhYJwAHEy4qCqE7s8nGcz43coGPMki77fzRk Vrg1asLZA+q4toN24nBQpn3ifF0155DaThOrft937T82vpIEkbD1NZADt7LP0Zox LMiirrKbRiGJkV6+hfvwyOdYtPKdGbWHGzQmVsNPOJ8Z0fnXyYHJ670NoiaUNkBk RbwiQJ98fmB76d6zOyWgCU182Qb+ll9ajvLFqbzkvUD7kq9DMaPw2LRg05c5j3I= =xrh1 -----END PGP SIGNATURE-----