This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vanilla-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Wed Jun 5 01:07:47 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ec79128e8dd72a2ae40e2b9e314735540b8a55bc * md5sum 9ca31e05f095539e53f47604519b17e4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRro9XAAoJEIXCXpWhbrlN+zwH/RKgxCzVVLK0KL8a7O1kkSR3 Ch40NrGZZbfxXGUA8PF5w2ywv3uClzx8CoFp/NVZSE9kGNV76VMvrDPo5+Ps22Rn SUpBCWNlU0wqytNwpx9pO28o3drdZE0ln3wk2D3dwferd4khUCCwJ18LwjESc2/C NuzbVcjKAe8YnQ7kjH2FuCJ+g4c39x0Ky+8Su1JkDiQ6wHall3RD8EK0a3ecu0WQ 9hNij1DWmmSaBNGWmRvub6WRsH1bZjAYdBJYKugm8KH6d97Gc/OyfBtTD7Pm8UJ3 327y4hvHH7JPRAhE9TdLblKvDCie5rAr8w+QfYZa01zHikf278JKlsfcWtj/j/I= =CHsp -----END PGP SIGNATURE-----