This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomatocart-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 18:12:59 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 7da556236a277cf076a309843c137d11d5ed9ea8 * md5sum ecfb1cbe3614a306ccd6eead8dd9e6d8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL9sgAAoJEIXCXpWhbrlNVaEIAI6BNrErYVzgrei2p25Y2vLp 9wB9zmxcBS8tDrOK4uA6aaTd0hoVl1n6Y2wXy587cDuCvOn21UvJ1zlU12eW7Wc9 CdKrVrK1pVOYggr9qoTy18kcIxcJ++HToYo3p3imLJwVxzxB49VK8pJQIehzzaQp /azaQKSzJGgKSj7USjvP6Zrp2OmDQS+qP4Ea/mKEaWUg8Zv4S3WiH/unbRqNOQSE gJa9oabjGgvZ0LQI9IxnCH0JODlA2eGXWd5HEHp68qUctA6Z5fl+2Z+/Dlnu5zwv UaSt06hHhj/2lkVHUtYsUityqO46ld81JbWylY/mJN1spGXqv6/yDeNn4TeOzf0= =+R3O -----END PGP SIGNATURE-----