This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 19:34:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3323912e955ea3faaede797cb361bf40fe758450 * md5sum 651c22957932b348f98656d8461a7390 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXEcuAAoJEIXCXpWhbrlNPn8H+wftfCby6hgYau+T9iVzjxjN TKLXuh7/MqBG4pW+Ovxiji1L8c9ZEvuQ9YQ/mYsiC2n1aeCtQwknmxemIoGWzl+b DomIrrY6gbRk5pl8qHcZLsJGfpD18gCqPdcuXpUCEdFo0Z3Rw2mmQ2uKrGUedhLG dt2iAhpRiL/LnF9/8DrZoVaJbFxsNn9c2EDoTE/BHZN2/rZMwfVeW2aVBmlD4Lcn UTKC1r8fEMynMADK0bRoW+MFOtKS+AMM4E63t72lwPzCEuB/vo1n/jWkM2ffJs8m i8AKIsC6CYUr2KXgtdfN9me+vIrDAELPH13wAMAH+ozbjsfzDL2Lefq8NqJsN3M= =YH1U -----END PGP SIGNATURE-----