This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mongodb-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 15:50:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum add37b8a679a40554e759058b89c0b5ae20a76f4 * md5sum a46ef45788f0568872de3c0ecf32699b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWRWAAoJEIXCXpWhbrlN1s4IAMIO6uIttTkp0xcoNVcspU3g IZnbY2vUN4JOhh8UejBmiEXpG/SVgrMXcIPBekNsZ4Xr5U7cZskwc8dCMJNKnKkd K7YkmMrG4JTTJgZkCJVeDnkg7V2JOdkDe/Vz9Mmw6qNlmTamdxHGk1L7vBFMzV12 zDIuSVV6KgfTND6Wqhz8eWKMoiWENj/OdfyhUY748WtKk+FYdNREATnSbEI+Bb+0 hLJMn/IgbSHnShAM21ofdu0Izfo/dtU+wfhL0eU3iue9e7TU0zNsy0pjATGDmmP6 IJmkWJOU/V5c5xgKSmiWqd5di5wVgK3sWqaXmcjHOA2x7LWFznuejhD3AA4TyPg= =d6TJ -----END PGP SIGNATURE-----