This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 18:27:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4aac1265153ff13a4a6c3cbdd86df8ed2d140a19 * md5sum 88dff2653e8d4dde31edfae3d9085da0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXDd8AAoJEIXCXpWhbrlNDF8IAMMAR1FKC+EOBpT9ucj1N1Fn v4nHmqdYdHePhrDDYP9/nNBxDhwR+gYEjI0V1Qi1j8DPHrgwYmd3rF0NsP0mekUG VOMETC0NKFVVw6lDSndKL1QkZbvAPdWArvfuMzeJjQsJMnxUWSyY+fG2JR7aGaTe vuamK3XHl6KMovY33tBvLnpCxjO0VI7lZV9CrLp84jV9ENkr730eFa3O3BPrhmsu JbyqIKw8BoI9E+SPNJFfjo1Ib3CyIuOxnFipAO5XzJLl2bdQUJIFmHzd10GUUocn B4OhqFKji05MBwJqq9OYWGebSzio1qyF7XQe92TWQEZ/o/TdvJsta+1nZAB0u60= =x6dJ -----END PGP SIGNATURE-----