This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vanilla-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 20:44:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 195ec08cd3f1870b0885ec7198723cbe47211ae3 * md5sum 5e052c5af2f5257441cb625937e8d9bb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXakkAAoJEIXCXpWhbrlNmL8IAMEyTADoxZsG+6j7BCiifNfy Cb/VhgAdi6gV2+feRTTsA61bVUvbWZsaJ771O60+IAW44XHnC77xtk6zpKqrV3/W ipBOJrmBu6VJPRhHnoWvRfRdGMrziZKnjae1tmpqvW1AwJIoAi9kcWY9ylIh8v+4 9xSOgXv3jooiISt+FcfRDjpmSgARAcXegUBhdRcP+X7O4Mr7hTCBwUdtx5h6GN8K zPCdqa35fVyZN0ASqMdSGCatcb6TuYLe3L0p/kAkv0WfDbEOj6N22lxKdjyU+zt5 h1l99YnWpwJJ0wP3zF39vZQms5Ezr0L3BuVQxvGmp8yanXawuyI7Q3OwSZtCFRY= =0AK4 -----END PGP SIGNATURE-----