This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 17:21:45 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 7c019193b90114e097558bd8681c6cdc4ab7082b * md5sum 19e88683702046782d6578158d045ab6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL88gAAoJEIXCXpWhbrlNPG4H/iEzkOXl6H7M0E3BEnXZ6LJd Oc3he/VfpIFxcyJN/Fq2Vfc9Ejay8uB+uh/5R/WgD32FEY9bTyVGLtFqSByEGs/Z 9qdXno1Lfyai0FbTNIQpAkby+jNZKlqTwLyGOi4MArEv/g7BGWKG+vq6DCR8H7r6 ir8852us7Fud6/nqKXCL46hr7AoCarN4x/Z9gLUCm/5b77h86mNcp4gOSFD6USE/ iRMikn7+3NBXvaO+j8IjkUr9i7zVavHLSClhz7dvSq3BJ8LDm7iB/AlN3m/Ez797 K00L7INBbH1KmTa0gIgPsZyMHE7Nnbp9tdWqXbo3KeLNYPFZ14IxOwWcZKZ4xJQ= =v0QE -----END PGP SIGNATURE-----