This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 18:43:38 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 05c5103df51db2b211e21deda8e147589465228d * md5sum 097dfa6f80e811deb39e9055354907cb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL+JRAAoJEIXCXpWhbrlNwowIAK9QBL8c6g51AsP0MxqDMye2 Z35rSt3WNvTTyglSBT9avbogVdlj1Zu9wxc6KJ31PHSyqyOR+/48Llp1wFaDtaUD Ro0eJs4dAgtyUDXG0E5BqQeTr7Gdnx5A8uUsZgMXNfiTX+mh1858ptH/WyALYLYZ Vdu3UJvW953F1yNkgfj17d8fbBEfCTe9+2vXibPk29pRsRTv4c6x0q3IM6OHRhWZ mno2MJvc+NdW+pYh+PWVkBzwAYTxAobnRe1+d6rZl73Om1cV0OK8bvnej3q/nufm g5n1mio0Mk+ApMAULLfX9eOKJil3wZPXdphKmxxfMCErucLLEF33EpU8pIvtxHE= =EfsF -----END PGP SIGNATURE-----