This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bootstrap-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 11 18:07:38 IDT 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 9d3155fcc83392c2a9a36af20306e211b67751cb * md5sum 83cef1566bbaadc6cb7c7b591f466084 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQJnU4AAoJEIXCXpWhbrlNiCYH/1Zi8u1HUusgJqgcf0/V0Wc2 FZ1ddxt8IIbz1hsm5CHVnXpw3aLwRy3pX33eb85Jk9Pq95c4eaIw31oM/Wf5VoF5 v3wTJvitvVv6Crx5Lu/NlsiVb/It1V/clWmCaL5ho0O4/3WGveSl5A6eZMXKqMz0 /4QKQwLfraQLxQr2/6+WPC0fvNREXaNZ2TvJcB/Yig18AFqUk9ZOLTXbepGAKzSP GUSi077AkpqX22Wg7LveoUOQDgubLU9hdMRuygQBPRfRz1ZhYCLJDRhd2m32S54A V62tnyxCl728jIJESM1wYBlgU6VQpWFBWtyLqCqO/xzWAMsE2asoFUNW0Rn7YH8= =SBIM -----END PGP SIGNATURE-----