This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 07:42:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ac45b270a410417903a38c24f4ceb49be5de3213 * md5sum d537d1f615adcce66df470368f3c1fac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAfpVAAoJEIXCXpWhbrlN5NQH/02r9nrUrcaBPnVN/kgeRN40 isaGia3T+YV2Wm8Myb9d1ta2BoeOwiwmTg2TduBBzYMWBoUcmD3zKcdUdlWP2ye1 bJcTk2gs9QD/IRIJI/g+9J9kj7174DSyNX2NaLf78fndzhQToS3I3SsORGOMGgEv BjFfcKPUosVxxj7pqjFZgGl4j5eHLKHjzbodTE31Yfe7MiYLdnDY/v67j4/Btzwu Zj0uhHjf6syoOm8b1rvxJdknWtgCAqmzMWf0yLmW5s1yFRkBYNqbHzSk7ShOtvAh teUDGH/ZWTcfVYCHmG4PvCw1GQKsqpF2sWFm5YpeYU3tuWxV5AjiR0l3E5yD33A= =HT2r -----END PGP SIGNATURE-----