This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 19:21:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6c49f721e74106a2139d20cc3b122c244716c764 * md5sum b4691240858ec51ea733307c89556d34 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXEQ2AAoJEIXCXpWhbrlNY04IANbboJK+/zXb19UJio41cWCV EdsDw8yBXzsofyNV/snREiRqLe9kPlrp+vdC9St7wGGgnCqDLj4wWOIOEfyejPh6 ugk+iPD0+Rnj7CyQFlPvLWy7i9TenYg6VKcFGTY5FBWaDbl22ybiJXDCeWTs2FGO q/2XQGgyobdNP53xkQVMoX94lfu1NgUCm5reBFoTDlgcqeasG87Gp7xJWopMXzZv xSw4l1Abr3pmdREWBeJ0N5Bp7VJkVfNo+iw9180SQR472VBTdCPpbAGdttYau543 u6/6QIudPFYdDTM7pZAbqBk9QkE0s6bau0/Kf/okZNaPuV1xvpfkBWEYt7qprCo= =ceiI -----END PGP SIGNATURE-----