This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-django-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 20:40:43 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2fdcf9e1a1c1b2719d6c8b73482f9f3f38ea0d1e * md5sum 3c90df9a5590291306fd8ff26f880970 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlDAAAoJEIXCXpWhbrlNeQ0IAMScaS4aW351+uBWhx9u+Ac8 dWjAAvHdBnK/Mkn9n2LCqdn8NznA6HPBpMnoCMIAmFrulJ9AAsVusqregBDbUW29 sHPjjYn0wg+lbb9KW1+0zgzlRndXqSP0BvwDgEYWtB0H7A2V3Jego7pEcDJcf96X 8YRMrF+M7DOpxywrCpdD73+M5wHxMAJ/TBMXjU0o1yDuC5GqNew7jriOvYUN2Coh IEStmxYqr3PjMQsmXoxgttSpykz704QpI7YI3/m52FkA3BH4fK7UZG7mB7qrJqMZ Xbl6xrMOZmnsJZpdsRzmVtj87o0B7/w/VACfXNupNqcZI73q0pwnXi2285bE19Q= =E72d -----END PGP SIGNATURE-----