This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-zencart-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 14:22:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ab6d5dde769dc704582d57c4d6dc52846d570cac * md5sum b0134bd336ddbcbc909ccebf19932b3b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRcAGBAAoJEIXCXpWhbrlNtj8IAIq0Ud5J061eGUlnzAvenW8N Hp2BPRTzVb+0pscXluFDcLGkUUgPaCa7gSE1dV6LpvFQEtDcxcfoxhfKbRKjX17H 5+paCNXPyAPBAtU/YhOM3L0CRbZYqLHOwz7rf8EFbuovV24uk+xw1x+pH0+65SHP mA22PtU0yDdM8hru1I9mo1fr8/kQfPsr68CD9UI5GABkLh/BPQUZ79oclyKKhr6k Gerczw+m9WoCVRTznD3TXV+kRWaOZoCJk1vDnMja9wa+Eun53nIWU5/xkbwCGMRg ng4tEjImO/6z6CRXlOKUTTf4HoD4DQvKZaijFRBdO9toFE+S+82u6YgYqZo79No= =+TtJ -----END PGP SIGNATURE-----