This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simplemachines-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 10:27:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2769deff1f6b093a73156e5461dcac024f13badf * md5sum ace8aa8d8a54e611c0e21c530032d256 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmn3AAoJEIXCXpWhbrlN22UH/j1FWXM2Pf7IxAff1pampjT/ IhCUptAhj/J9irB9YgplJwWWrkv22l0e/xaICIjYyLk3mlqEiYg89snpSO6TrYXJ WVRILVuY77q4Jh70RKtTYfpL6wl5aBW7SnDTsNhvAtL+mCsh3vlDtBbc7B3hTGa0 2koxPE43WVPYMjYarVyw9pFpSxIsPdy/KI3Ai3PBI9WY2jOt1UlZ1SAJTrbH8usf q0Xmn/Oq3F5AgwXcCWvc/AH8hrqENDqW2G0vFAyYkam4S/fFmmKWhxjhkVuyafng 5KIhfFH6TVvzC22Mb6F1GUp/8+jp71yNbuYOBp24RcR9dCOTyiKnpRyjgqVnKlk= =52mT -----END PGP SIGNATURE-----