This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 08:31:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 56a697634001293d2464b47d8c459cc1dae8e49f * md5sum ec7fe92b56e3ff0f909c4e40e209feea You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAgXNAAoJEIXCXpWhbrlNVBQIAMkW4+60bTix3WiUH8YEjyUM ogEwRDQlbREBQrUu3MD5k8ZBZ5IaynqRxlzyax3E/y/xrZJUUkDjZx+PZGJHwJi1 O2GW+7nUCTVdSajCJloCINMqWYAnxe2vv7dG35zy1OJRoSCzGYFQWmVHeFqJr+QE V/Ijzkr6CVRjNfq0bR20mF2aSVUTghiwlRhH0QuWU9ytGHIn1ryq/n/w5mBjLxC2 V3mFg0zZuFGnfHjzyn27rPttcg0Xj8Kg4yDuqKt5GBzVtuavyrQ+ZWZU8BGaPu7a vBX/lm1rTzrkmsE7tW0EHBVXZIgSgJJONfq9R2TfZAISqDsjVc5mX5lt6qV5Bgk= =IkEd -----END PGP SIGNATURE-----