This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ejabberd-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 15:53:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 95cdc736e812590a9537bdd42422bc5d4da548cb * md5sum 162bd5abade7df227031c87ea740da9f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWTZAAoJEIXCXpWhbrlNPFUH/jUsBebgGgkv3zgp5XdWU7kH TeZXRbfDx546IsPBtwdAqiNkSGBfoMOgZWdVxKzxB9kssXEjSz7IzBUzJJOr83LX KXUtQrVi0sajBUsgBkV7zCgc/UFQDwUNLijiMBuQ8VQx7uleN1FsWOxUyzMUuchQ EHHHIu3qtv7DlyOwxEVQioiG4kk4I1LuKWrNiOM7defNnpmOd7kaxI0oj3ddDmo2 9W5xeYeIfoF+2XjhPWgSiCCmmLi1fqbJt/v26PqGJRS9SSoiKk43pLFyc1NZpjZm To410JOkaq9vx5cy5sNip+dSQUsZfip6jr7obQ8Eg1J/5jpp0AXxF5h1OxW0BIg= =cb1k -----END PGP SIGNATURE-----