This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bugzilla-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 20:00:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 542291a4c051d58f7268c09fb86d83665ba688ff * md5sum ec23072cfadcfb35e1e279e8b1bfeca6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkc6AAoJEIXCXpWhbrlN3HAIAMDP1aOEfQGsByipGl25Tzf/ 10yKVPkFPqNz0gBHduV8jeogF2XMLpUS+TBwe7LGEcztTURlBUuMpoNFutLTXLv/ 1Ci87y9as8RVeAVN8h2HBzuo2maT+P4BZW3VVC7m7TdFVESK1XG+VBOFRQtH6JUd re6GoVcIDKLZN434kvFXUJG2tV+qwE1MUhKTjWGzQ6pJIu9OYw1O4+5AZl+KF4DG EZWrCWaHoen4/Xk89L/zRYF1dSoa3lTGkUSThPoEPS532LNUD+/aGfSK7xOI8EUU 6cDNcjbCBzxbo1SPCF/SaEGqxGxNORcO+36kQLkbFkAuC0TNu7RwUkXcmxGWfjo= =qsRU -----END PGP SIGNATURE-----