This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-concrete5-13.0rc3-wheezy-amd64.iso.sig gpg: Signature made Fri Sep 13 07:48:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 01e5d8731ab2a992cbb5836dfd563f978ef05b9e * md5sum fc313e93aa335354c7449700818219da You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSMsMtAAoJEIXCXpWhbrlN+PIH/jQMUdKKGsnJMCfzjBrzpTpx sSYLP7zN1YLUq0rAIqcZTUlueED93GEAg8b704H8cCtKvT8ePGYUZ6ir/ZQMeTEC AVCXYlu7vhHpW4z8fZOcx5toCn3ErMhFdI1NJlpdYo0Hx3/13bhpTxDDQylmfmj0 D6hjk5/piURBH7jVeW6ZwlnVqb40LAH5YiIvu+CvINO0dYTkrC7RzsPVDJUNtnJM XbyvsRUUFJeDkZIlG9j6WXlpVttFh8UvOP8lT2L8ZBWwCo64+P/L4PZkMAfA3D1F RPN26c0kz3VahB4ZpPcXasN49AuEiH+YMCJOyx0Ac9uVzrM4uF5ImHYx6O5WdLU= =kNg4 -----END PGP SIGNATURE-----