This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lighttpd-php-fastcgi-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 15:29:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ad37ea9b7b630e7e69dde0c8dcaeca27b003060d * md5sum 345a50caf24044594e480296137f3f42 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXV9OAAoJEIXCXpWhbrlNSNwIAOPMjRt1ZEQ5/xs4By5sy4Ux JDSeUXGjsgL9rEAFsL32mh8Gpw6ZVBrPpzWGPCEhKG6Gl9fKw4CCD2fwiZLa4TrR FHxhD4zZGyDEmyr7uykvHSoSB0T9BKbKWmZPbRSOdY0Cjc9+sADFLjYw3dj+VoAV Hmo7lOMv3ukJNdb0D08yE6ZKZ9w2wz7u5eyFx3nh4VDtT3KPfziBohrTky4FReoE rCcRMjnMNEvPP+jXeExr7yfm/S9we6M6c+Ggyth+dSvJO0xYU0bUh1C8KsHuO9dF MF74I2lNX46eEqkFJ0sr5LNNg4Yxp9QN01tJggN/1jdO5GeBv4aEJ5f2TOh8AcE= =R2zd -----END PGP SIGNATURE-----