This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 17:59:35 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 1746b78599f3bde9ab5949fbeb1a2e5d73b9be36 * md5sum 07ab0dab87d02875ae2c363ed738174f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL9f7AAoJEIXCXpWhbrlNKj0IAID/f8FrXCIOdG/5Ic3FOlTf sbf31u0dj6CBFPASy+GK7p9jRClbCkwP9zn2t2ONFQ2iPx50MZkWnRED2FN6ci8w dSNvJdYhvoK2YcSkkapFgfQh7WZIKDq9g2QqSov77sZ5wr+Ogaov5Du8p86tQ/xV bHlJRmjX52ahbQIJpreNAGLGnXf5T/viFKbXdld0h3irNAbI6y4Vw4dGSY5fC1nV xQmhzUJzj6Av47U8XS5EopCAJ0PJ2s9c1N35gy6QWHdSrv88Bq6pHXyNRRibe9xc x4UmV0ygB/9toclA/b17uW23lsSMoKlJgv+9aVaoLatKRqz0ZLP5A+V/wgbl45g= =bTBY -----END PGP SIGNATURE-----