This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-core-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 12:01:41 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3ccda9abe5a47d1e6b79c6de6c862f4e7e083c0f * md5sum 466fc0a1fc1160263f75323c75672184 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrdcfAAoJEIXCXpWhbrlN06MIAK1V1PnYSNVMZ7EcpqAJ0h+Q /Xeloc40nKh9HzEw98P9AUoZumFkoOChJVT6DjQ2y+QLTV1F34Ltr7R2sm39izDr Ljlj00OiTG+d+ToJljpGWpNpJedfZLSjEmeoSaB9RAfhVyUEPtCwv8soP8I8Uk4p YARv+XN09d8bt+TykUQ2dNOuACiDxdA/q4gCYrwl0sDhiVDvGUdIfT0K23nB4gfn y8kMcgEWtLFdk6HEzOatkRqbchaz9mdHTQaKXWgUMSiz9/PDdpJ152XERLFdNEHy FdQeWeagG4y075/Yw940fs9uUk9Pko6ZPLkDAV7sQNGsVjCPIJ2tVnRe9uUCdw4= =ubwz -----END PGP SIGNATURE-----