This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-apache-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 09:06:33 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 302e8c6efc9980ba0f225682fc6e6ea82fc53e88 * md5sum a27a54693c3122a71699406116e171ec You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAg4NAAoJEIXCXpWhbrlNJQcH+wWoAUirgguCbhnQGAgtriwR tv7SDAN07f1vpNhfcz3vtxtY6c3jF+J2fQbEYHRjcwvihUqqBezhPvFjG+BJ5R5W GVHXtq93EiwM9u/zJSf/e+cx3JJVp3RtkT7SED1+0qm9cnDwKA9UOYGDBH5reQqf u4RnO8s5G2Y/eBeznJ/9sMxv+lCJOMqbibj95CdcZMoR3GC7w4ngwEBP0hv3z/wg z0jrcB4Jl6FfLEblPFRclIZ/GntENJWJHaKgsHxTLsRg7aMzr/5X14hz7ZEuG79k 11nsD1PEZPW0Hm0J3TspRjseew4PHKTEf6o9QsuYocvM8b9jK6u4AM27g4VYZns= =Vzkn -----END PGP SIGNATURE-----