This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 13:06:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d2df72764ae3f27a507721371c56c6e1e2d52314 * md5sum 15460451df68c5e95a48f575b63256d1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRb+/YAAoJEIXCXpWhbrlNq1AH/Rauzm2UeUrhLXim8eqABGWs JD/LaBOjCbcJP4fYFgVtz8IL1/ZeYUqs3mJLeZ80L3ac+Q5n0vSN1tZqr3VZ0gkQ Ig9KfWfj+RG7S4HLtWXeB7WMPjxFs6jSxeN9m2MywZqsAVp8jKIS9I091WjNqQnt YbS5JcuEBNn6Xw9skKuuQwKXgpvOBdoJ6uOydPmJEYfFlb6DKwkf+LyIMLET1bas ma4J6xLEe7R3okYV0sqAU57vkHHDtSqm3KDeGUnU26UYjklj0RBqFVoQnMAogbKz HYw7bXO9RMuWOR//TStYP09oAtTGnHtJApnXen4+pNVXwbZtFentavRGPOCZTAE= =JckE -----END PGP SIGNATURE-----