This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appflower-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 07:33:37 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum bf1bfa0ed597bf265f6d165b04d70e0f808e6d80 * md5sum 14b3f5284d4bbe3b1a28ec9dca4b77b5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAfhHAAoJEIXCXpWhbrlNLq0IAIb/+nP599Py+IrVjXlu1s36 a8aKYluPkNk1vZRvMVwlDGfsrfXRzbbuRk++A2JEKAvaVVOeokTMfnypyQjwB0+m 0NR1TYuP+K7dzmn3Ie4uSR1ncawjjLTHUGwdDO16D87v/2X9dGdlnyNCLjXFpFzF PFEv9ZCVUDaCiERcDDMrkvRGP3WYFmCvKGoKZudvSkj/AbAVtNPlh0OW4Qpp7KmW RyCTGMV+YC8OfS2fsPUp87gFjOvi5NGodk/ziY3NssUQUFjwZW7EsSl2JCrGu/gW me7hTfnPP33pM+u9skDdLxM37L9seb2E05DxWShUh4l5+Nk9eKM3av9jo679OiU= =nlyv -----END PGP SIGNATURE-----