This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 16:38:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3dbce1d725ee89e495ad6601d8e9810870cc3ad5 * md5sum 120341a787cd106060f9fd644d6ed0cf You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXW95AAoJEIXCXpWhbrlNa+wIALqVFQDhOblaMWDAyxAm8PhV 36KIaGjp2Cpk5tex2/vp4opswPLqdu6ZYjd2BcmNTPOa+Cc+R/YqXopKR2X9Tm2c OpgyOHKgl7rg6wN8/JhZgaZKAUb8n55Qpw8c4nRvCryiBzwIkiqNjBrc4CDHjcgR KW4xaR0Oxg58SfdUZY4EEAwGviBoA4A8AlmaSxfjdYzrWzCmoZIY3kU1Y15wiMwt DCr3OaUfTKdDHoIt/R2P68Xorjp+lnWgWI9sBnTdudB32BYEcIPp9byWXThWdR+R D/mhyRSJk8DybwhB1XGNvm8IYsYJyUzDjqXUsZ3qMlBXi9YaHXIQVm41/UyVDQE= =/hV3 -----END PGP SIGNATURE-----