This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 17:11:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 10752a12ec34a4e53aed44a26410e5d2c5411d3a * md5sum efa734c85e9ddf05dc5f78715ca2e98c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXcfAAoJEIXCXpWhbrlNp4AH/A9M/x2En9esaWYfk+M1d3B1 sXXTD4JvPM7ylkQ0Ea+oSGYfml0YvsNxi+dMOW2tY2/KJHB9M2yrIfpzHH8PXK8f V+IFmi/V7FtmemXUql3GaD/iawyChSflr1VFZeUCOm57Z8utDaOTkKxpxk3imgbw rouiG8iuQxGpvCjE3v/83qGUDv4LU91qLKm4RHCaNU8fADHYph3+dzIP9l3rUkuA NNV3kHCRYoUkJg0iJ30FVxWPQYO0gu+FPdcNIoKinnGRhFdtRJ7D29RYKF5ANECq zj34K3+UtIwFsWaGZTO3uxGv92dPl129ndYwVYldy1bPKJEHdwNITvSL7Nf+XvM= =J34L -----END PGP SIGNATURE-----