This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-punbb-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 16:31:30 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 1bb64231e67330129c69276177cf259313ee3f53 * md5sum c64ad2d735bf7b137a1d2ca9d668e424 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7fYAAoJEIXCXpWhbrlNYGEH/AwCZeiwMcNYdgaKbJ/06MdU eD66sB03rYokCDZ4URs2dn9sFvhZ7/4OFibvWM5dvu5V45pt63fS2WScUTH/VzR7 XFmC/Ks6I5/H2UibGIno/CXmn/iVEzKm2oLFRzD9fgR7VRKo0G77pJQ486PTVD7e 12bGAbY8+CCOk2A+eu1kk9o1Uht+JzlxXuTZyEv6zyPqjvjKhbqQtXyIzrcbfvEv 7snfDcH9GScRpm+T76sAMrCxMymjoOo/5cneiAiDOyindk5LiQDW9bEYWcE7Q03/ CvfrCdO7fm4duJIAOko3OHlmaFBV2aXeRpROwuq1rJtOlNBfGf2HxhFBodfMhAI= =zU6u -----END PGP SIGNATURE-----