This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-cakephp-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:10:28 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 1e2525a7f030d75f2368c736a9a20c72a5f8de3e * md5sum c612c1a61aa31c5c0c339ee003ea150b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6TaAAoJEIXCXpWhbrlNJ6UIAMJ/I0BVqH45P5qtyBWRJcXd LDeHXOkwWKqpDcKK17nRSlmbx2CunBqD41hULXoq51CBY4SubY7ssJChL7gye0sK cVMX31ObXpRCu+KWOwd9Ya3dW3GOMmVbWIWrpo6jQWZRjdNLyCrzVn6LodMp6Uow aTxbqjf22cgMkstPA/A0udDIQ0CrWtr0y346RvnDeoDyOb9YJeoA8zINC8+HeR33 SZrWII/3DbHgBPPByl+uAUdcL6oGOXamTN2iFIR/dQ8IjtL7hoEA1zTjLK8CtBXn ISefMbEn2vCyy2WGnBA+xDoG3mOuSHKrHaNekDSThs0CjqpLbVOsRn9llmbvXYQ= =TdUV -----END PGP SIGNATURE-----