This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:35:08 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 65ad02a1f5e839065b8f388244ef3e134de06a07 * md5sum 11f2e76d8a835c10d12d210c4c84538c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6qbAAoJEIXCXpWhbrlNySUIALFF7HzePjHSXSVcqNd1M3D7 72+YUHhWqew+7C/XuyP0y4MV96WE2uVW6CzeSsDwxX5ppahqcRM0BR91oF2utGfA o97ksRYXJ5RvvnR+mB7S5/7hJPP2WhJte/wSXvROrb1i7VuZPr3l8P3o/4oI0WfD 4BeKG657LeZu7OOV5kGP32s1b/5TQVGYJPBfBEhSPReuQIpk8nv5okmot9ewM9T3 CE9kUYpXIPXYVJNUAeVYEOwrmxTGrfTij7YRzbphFuTmIZKg9g5rrzta07qzVtFx P42pPyz3X+i2yXaHud3tgHV3yR7+ZLxsjo6Ypxk1YcoUNFwrdivVWArzEAGeplc= =Il/8 -----END PGP SIGNATURE-----