This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bootstrap-12.0rc-squeeze-x86.iso.sig gpg: Signature made Wed Feb 29 17:18:30 IST 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 5743180f54c0246176c39c24fccd45f7f8ed61d9 * md5sum ac7a288bdf91ce50ae824120f09e48b0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJPTkHEAAoJEIXCXpWhbrlNz+0H/2MeQ87W+rf5XXLMtWZTxNu5 iQhG97nksTNM1MD3tofFtbpTRNJ/EwGvnl1C0r+NxjPKrNo+n4MrBsKDYidlf/uv ZTCVXFgCZq51kBNfnmLpnHey31atl+orX4dtg4cE1n7+szl0IsT8xyAmRKJRCaKG 1MTgNsGs5z1ZkzBtuPoa4XD5SDRNOW7nKkf5cv/X05mwuxB5UaYeV1ja3ldpK9B/ /wVdU/4Mhl7rMDiZAO/jkYsd69SEj55YLZTRWE9TkJ+0NIroQoDLwhoXXYClpahy gIyCMkxgGBurwjtLCQll72PfgbvytahrTBAv20YYgFBJOcsVRDp5GyefkzRGVrA= =DyIL -----END PGP SIGNATURE-----