This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 16:41:58 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a0d8d31df3bc0e1d8c29909e5444e744b2114b79 * md5sum b0246fdbf36f022aa4fd27196c313f16 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXBOAAoJEIXCXpWhbrlNXq8H/0Cca84g1Tv4GRzi9rjNZ/44 U5bGZKLJQc8IiUq4ldZaIJtfzQAz+LLfUv6oHpRYk1Y16MP7zGvNIg4LKBYdo5b8 +QbE7FaF4m6Mcsn6Q9NRNcNgg6e55WqozsylZDQooECJNIJ+KUKIDpMdUPPbg+qY QHOxH9OEcnP3azhg706jboxJdK55AyCtSksZXHNxPeOpFMWezyjArjweDALtJ0Es rgGIr/wSRKW4u4RXAvRhMzMpkaJgh29z5gTvlMvbEas6ZVpbSIq1dEuHhfIwVhe3 qSSDHaZxJa6f860LMw+i3I61j714zUcl7eI+nju6inMSPOJMzWE0eekxfJBmtuA= =y96x -----END PGP SIGNATURE-----