This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ejabberd-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:32:13 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 3885bebaf4cdb25d7268e18a9e21120029754339 * md5sum 89864ecb4245b6c511ae2391cbbfaa66 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6n0AAoJEIXCXpWhbrlNwbIIANHfjZRBlcRhsYJwYuNEHauz VPj3ps4keKdT+Y6lXitMwdwuXnLVihu55mctZx5IAjK8/O2zGgZg4kMFvrBcRTEU oTzHv/nBmocUrk8DWJ/nK7PfHcGp0N45dpSIoOKFy/GATv1QOwE/QQW5QoHcrwfH if4Ip6WezZbWqq72bCCzYqM8Xrvxffj/qUTTRmubEwCXO8waP6N8iWLMRlwbaOgp fenEQKzL+ZqgIdUhtm1tgP2kPMd1yG6OdJwCiQnfXVTgwxLp4NZl668BaFR88hGm aDAqTCte7hm0+SQQ53E8GOeN2YMu3AHudlxRyCP27Gna/LYCqOH6rV4U5Rvug4c= =vp1V -----END PGP SIGNATURE-----