This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-12.1-squeeze-amd64.iso.sig gpg: Signature made Wed May 1 13:46:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum eab4d71ef8ccad5679547010acba4ebc06499e30 * md5sum c69b7efb7895946495fad82cda34e43d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRgRydAAoJEIXCXpWhbrlNC98IALgOFHMhlg2L/KU+r/IZYL+I lrRbe+wBHOg68W00SO2Z7Phf2eGXLwRoetoE87Qrr64q111pDnCG+b9BDDntCe2q 7+FFMR+mXVrIFbawsA6FHbstNcZhq6QVy2Th77o9OUr8opCcZJljd23lBv9cyPKR uKEL7yd5i682hJ9UPd0SNcddaOFVGvSpHejK0HM6iDY9sVj1Ug019yFhtvbrAW9K jeJ+Zb/epjTq4GZ5rszrm3w4VwBc3U27g0O7bPWN0Py/bGxmPrz4NkJHB7GzlEyX +RvvzL5bSVHdjJovHdLKHi7reM17yrjKyDjWmMVE2Rz8mgtna0DPHn+ANJknoXI= =ZciC -----END PGP SIGNATURE-----