This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-trac-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 10:39:54 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 26f1ce972a4861c9025a1eb567df31aa6180f667 * md5sum cc135b9045e61c41188ab6178797fc4f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmzyAAoJEIXCXpWhbrlNuxAH/3WHss02Vzg9pXwCH0WgqYWR +68s84Wx+wy/C85N9r3q7irdl4AnSbEFsFsZ5WG7kL+HP0SVoW8Zxmfd2G4m7Acn 9+oySDxH9NJo/u09ktlf6KJSC2SerQ706pCq43g5FTXqV5WhSRRNmpgeXsJyrcgf udgxASzN3wz0TLu0CHWnkN92dZgj9uqufnntUmMBOBNon8b5aXhKtTiaMs2DEEYG y/rmIT0gw2kzWJwxOJkcv3LnouWLkNi7Bbr6yTAtFnfjdXFULKPmD4OtkwcZB6B3 AGxAHVlnZT8tQ7nksaxgi8qX/47BF4JacjFuZctg2rreOHE8c01jeRd8kfK6n1Y= =K6k/ -----END PGP SIGNATURE-----