This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 17:33:42 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 0b7fa497d02778439072fd68982ae07d88d43d96 * md5sum d2cfb8ee3cbc09a01c0d538abef06e87 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL9HtAAoJEIXCXpWhbrlNkhcIAJ5Yvf7gQ85WI8tPZxsu+sXl cFG4Txih0r6k+MOJPyFmetqDPL+HYBm5DdNlk427+GmFg5WmfPyXQ6CoZzVbwryZ eg10uQQUDFR9DdYmFskyHjlCC0/PHVUeD50cV6EQtrzoN8mzgWvtdsDXyAFR+u0J XR6JLeRQJLB2Mzhv78Yn60gfkszqfO4L1m5m2iPmMvrxvhNrJf1+U6Z1Le0sezJV /01hGyYdQVgdr3TyxfTywP0G/PrhxQ92CW46aQc5HhIKrlar3ySzKRcJmw7/qNev TgKl2UY/ndg+oQ0nUnJoGymu0dHN+5QgUgqAJLleNTInvc/nrRfh6Plrj8zjic4= =W57V -----END PGP SIGNATURE-----