This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla25-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:32:52 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum dd9c977df2f2891e9a26fb9e87f8cb62ceb9beb0 * md5sum 43034f6aef511f0af9d6333eb4429210 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6oZAAoJEIXCXpWhbrlNzmwH/jyQQaFmQ+yIkja3aZgCQjIN Cj3dKkvsTko9nwWs0XzDE4tNSlgMACedrQ2xdUToT80adwi8Xf/lgBsTnlEMUPXc 3YBEK15vpRh/eJsrSNGv3+NjIakK0iWetBspbyIOzG4k028aAFsnrW+iRXa56R7s PacQDNhoUvb5SuYrVHe2gqg7c2OH/OTyaZU89kdPk2jMQzq+o2LbUZh/H98CF1su 9+FWJoltiEx9xA9RiwjZKop7jX9P7/Z4CYnTsi+iPx531Hvmhw3fDcDNmEXBG9nA GwIrvTWbtAo0QabY7c03LC4QpsCBm8sHmfQKinhfdAhJGs33BGyAj0uhRCp7eeg= =0ICQ -----END PGP SIGNATURE-----