This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vanilla-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 16:45:52 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 88b61efa84947edd4b8fa226b196733d859d7cad * md5sum 6b94b3b8dea8c59baf6db31605154b8d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7s2AAoJEIXCXpWhbrlNgUMH/j4Ypyi1z+tmeC7jJxjMR/NX l/sEYfCc6PjXmSjnFNrBtB/1PE89bnlEYlHwRHF3zQUCAtvKZz48VD7ArSzWnCN6 pcagcYxJUeafbMO0HVmfHMQpv25bRIyxO/z/G2xQE1qfH+d4IHZ6XfE9go4Fr4ph L44LNW7XNeESeQBGvUzZk4kkTvvgCdwBt5Zufy0EqgVwq2LhDuIzXclhWMwj5oAd 3dYGQ2HZlxoGzZ+MGu9OGAWMcGuDLy9v0B1QYRYTp/wor5yFlY74hjoY1cO3bDQJ LHDa+We0TCFT/yppclNnKxa7CRST0vzumg7QH8l5SE3zEraHsqMBy4JTEQwkS7c= =8LI2 -----END PGP SIGNATURE-----