This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-zencart-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 17:14:38 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 59eb08afb97d0909d6dd03fa2d95b215eb0da8d3 * md5sum 3afc6c4f112119174373db5d9605a327 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXf1AAoJEIXCXpWhbrlNIskIAOxbIiOsFfQxsaq70z/Vz76x UbI2j3/kMEJFHViwBmMvrKGr6LjPbrAM+/VlnlPBVsorKlffV3CyYizzzuz/u9Ms pS0bysmGBSbeK/K41i+P3M3HqFs8hSrJiAxVjEuKuICIkPvsUJ55SROuEdCqtEAo ZEPswHAPz4fuDkFpZRPUd3HhN2XGRD4XelO3IrS15SRi8Lhe33WmHakujQqpUCld vN9Gr+RwSs8NF33QEF+xkWRlBtebuRzf4AuV9AR5qEDqbOy+5r6CggYbn/Z/b4qU +IVaXgoqyLPlOGbVlh5Y3yA+OZjzLYy2dWON5E8h19GjDyP7Ys9ac+GnUrNOZE4= =kiVP -----END PGP SIGNATURE-----