This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 19:13:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ac3108d6e08bad64642df5e22cc2060a09312f92 * md5sum dce430d8d585b64338c2c1f2d4af3f75 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXEJPAAoJEIXCXpWhbrlNFnkH/0aDhw/oMOX9Yhkljz0W8rvq 8ga7yow4Sg1/RUawdqs93nf6u4JwMwVbG14Jv1/aF9Y0u+vSUFwtqIVKVXVG1HGW 6lShkQgB4AC/rjJ4BuutVLUmP0a3q8gEEBfc7C3CC0PgWi2Y2cQ8ki3pFfPX6Bm2 WZ/wD7yfyPUp67fVRYjvAwDW/M9Jf+dOvGSGx94EnpSkar8MEW8ThDR8fqPm8J2c PA0m3j1g4s+EaX2xhUG6aEAD+ofyh+lgSyPpJ0eDxhomebn+rxxgUOd7YNvuYQpZ 8AmHOcUk5WGP9savQnsL3H2MX5VcqcGbJ4eyiSdw63KRlLTr0xbOMWpoWW2XQS0= =CGmy -----END PGP SIGNATURE-----