This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-concrete5-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 16:58:46 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum f551a88c71e18d7cfcf7041bd4432643435f8c68 * md5sum cf00262d213a2ac292ff6d822d8ec86a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL8m7AAoJEIXCXpWhbrlNZYYH/0b8+Xtztjecy7nvNIiFM2Hh U2F87MIxpTPpv2IOn4xzlXhAw0yKn22wHDFAtxAzWyy/cjva9ukvhxavKnFYszy6 8sxatzEYwsRvq917FbKKf6bgjzxfPz8NEDpCJ8XnVc3YbPRwUyeWyQQ7x2maQ1fA WlzXzfgi+lLVBh2o91zf0iW10JM2ah3qbesW9JksS0AFrvYqrFSGuIytuPn9zqGb TtPoA+zXwJ4Z5pgV2+sShGlmmZB6XJwmGEw7yJBvTTZIdB+hZrejI3YqmtJnIAzU LxNCK4l2q7k8HIP26Xc+YD+AndN3u5eXtq2mP682Br5TT2iz7gPb340adlgN9oQ= =r+Ft -----END PGP SIGNATURE-----