This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-piwik-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 08:40:25 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ed67b6377169cf6763f9688bdb9a9702768e35f8 * md5sum f511f2d630d952b75095c935c8e96dec You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAgfwAAoJEIXCXpWhbrlNMREH/i5cRWQtajp8QLPBB2vyUKxM +Gs5rssvVA2MABWG9WGNGd1iyb+B1cH9tW0nzgQR4VG6ViZj57eROm4ZTm2neIum iyMeFBHHsl6iYvFkAPrrhdtcQdYD9a400+k38ne5DbiZ7r9e9qJExQrqKhVvkouw 0bdS88TwxXO5Uex323lzVOq+qzrhLZGwRqZ9ZwCeMQH46WZCR8tgwn8PqJkF1XDY JCnX4PclaTSoSjfIksGZ5wLGlCBo28e0RQ3xwPT94a9FpUZWzt209tmjstc/DhK3 cStjkdmipbF7BMuobLqm3GnuGGrH48ZvNoY6nAYYTb6wRG+magbJD94XQJ+6GKI= =wcLO -----END PGP SIGNATURE-----