This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-orangehrm-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 17:03:54 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c9bdfefe3237ead2d3486855a9a7eeccac244594 * md5sum 1f37e560174d0bb435cfe61fac9c920f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRcCdwAAoJEIXCXpWhbrlNiPYIAKhyFA3DbUTOjtnwa9Z3tWlM k6XwXfTjkp7x1UbPXfGBmUW2oBgEc4anHlW26L1QsDbUM11EYbR2WEk/6qCG1DPY KSzOsScXFbm06ft7x7PQgI7d07qlXm0rJ+sa85D4bSDpXLAjT/EhQrOAna3dV33V qrQJXVIW7FNnyzKBaPRXUvXA3uei++U1rJnGudJ9eFrqDs4igO2MA31R1WoXUGPA jsxylDz59Av7XS8GVpw0GIgjPGNz9xLBDARwoWPbMmhAYYMieqHH0XW6b0cgmWrh D+ocUFxRF4M+QmacrXopbx/Wk+O2W9nEGu8F2FtWYwKpn0tvtGLUo4YmZ9fBi58= =WShu -----END PGP SIGNATURE-----