This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sitracker-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 16:15:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2edf8e8e655c6de034d143999110d07836d5da5c * md5sum b5dd831cf0d50b991f7f2e8a725b1831 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhKWAAoJEIXCXpWhbrlNyIMIAOwRxcgFfEzmgEBvdRio4Igs DjaS7natvenLUYyS1UB2VphqZ8QqbhY8dpqLGYWhz6eFz2Teyxb48rkEx8qXcWXH w5iYssinFUy0vBJNEy9+EQj/bAE2z3i9B5wAlrkJ7q6ns4FoQxJsiN3NuaUwHXzG q7SFYmN3p/x1NClYhvq9amaCoH3SCaB1QqTYSotAeBmr6ikH9nf1PJFq6qk0JKkZ ADVSBlqX12evEIpty0lbohb+lwrzslC87faqlqbCb2bkyVPRo4BY1+8Kv8Jrmzvn Eg72hOC9uqK0UsdvWcmJm4LBAtvwADrVpP5hBC963juWFKSJNPOQi0n1xSKYv3c= =CJc5 -----END PGP SIGNATURE-----