This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lapp-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 16:29:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 67e3c9bedd8c16453c164010427c6ad5ba0b11e2 * md5sum 9bde3f6bad6bc9dc7f2502ae7c3244e6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXW17AAoJEIXCXpWhbrlNnq0H/RJJxnaE9nEhPMenYR0HWOGu KfzYVmJ3AU06sZ18nf2fST71j1N2rBQIPk9EEyNVUmfXb6QqrUG63utlzkI608xv Bn7CfXysKlbJCv+MOtY7omQiISVKiclLbgPOvMetJo7G2SLl2AXzjQfgY5oTpEzN V1lRf9dJPOPbz1MJxLcbdbwm5I6ZEpeyz3+uWOWPjKRdcCMEOwZw7B5RYv8gH5Zd ecC6dIcg+SI095UzkcDzRM/SJnS67gGlnKi4AGlQiMNefwUK/uQxQtuX2VmZ3/vg vgMF6OhVJ8Jkl9pQSQTv7gCWjZaEv3P3mYMl3wp5Xwea2R8sDBF4PjsnHAwlyq0= =5SLG -----END PGP SIGNATURE-----