This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simpleinvoices-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 16:23:53 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 6016156ba3d428dba673ce2b344f4f01b0b1869a * md5sum 31fbda361cfcc574c9e368405bb613a8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7YNAAoJEIXCXpWhbrlNpI0IAK5qWHH9DP3766xCGQW0E8Ee WCAKJKbjWXcP6hcDFTX0cf8AgFNBJKl3qKivBbDT8TO0zPj4tYXWZ3tRg6WG8Yna algvEtNb/4H+QQuUiKLf88TlN96nThdKfhs/hDn0uzEpwdl19k/CF+phOJWw9pRQ Bbkiq2f/wgvO/7jgc87YpYDp/B8WWfqMrmSiLNM3v/yI+KRGlNgCD2qUBcQMH0Vg 19TugQ19iPDQOeg8vXXC2oke7f2TAUb4NVWu8rBbHK2SwNvXs/3w5hC8EvmFaRjZ 2MyYy6HEpSfa4FEcObCFqiG07ThH9Xz4CpnadHohEI2fXQyxdTRXfjNErjCYIW0= =ViL6 -----END PGP SIGNATURE-----