This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-piwik-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 18:33:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 388798021d96c75c52781f6654cee0b8ae60f450 * md5sum fb843574a865d98b918619ad7353cf4f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXDjpAAoJEIXCXpWhbrlNblgIAOBFcIMAVzJ2y3GHPEy7Auhb zdPxGP/bu2vOMUwsDoij+Yu2EQKkXrRDBTyocZw/LNTh9wcHR6c4WJttHY++3Luc sNgz6DQUFEPCzwdWZX6gPOFsbQ+XA33NJHgT23RW+S07wRlVQ07YD6FHEGwIvivp dwM4AXPOJPBpGEhMBq5RlE7fSFStMs4XvqBhYnG3XygfZkeeT0V9n0lWsqDYtx8D 0MFsJyZT5ed6xnFjQMgNRrVSRx1FhhUDUHcvCRoP0Mw2QrxQOAhVw3rzN6+oJikR gSs6v9c6K1oPJVWNafDHcV9+HWj3Ksbo/6lLj8tiOemcZUFPOHr0P+tRXcS0JJk= =cD7E -----END PGP SIGNATURE-----