This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:55:09 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum fe0662bf444ef2bff4ecb68d1d0ea5ac7a4fac0a * md5sum 65d8d5769d82627bc21b7b92e9c2cdcb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM69SAAoJEIXCXpWhbrlN6v4H/119md0RJtmWV2sYgrfQXk7h AcHPtmJI10InBLZZysjDkAkN1ymNokF2HvfCUUZzMRzMfOebqnkPhV6OIaZ1nvJB L+U4y3jbf/V6JeNwkExJyOvfdDxXsN9gmfmM3E6C+F3CJlk+JHIzR6x57ZABfEJ4 HcdXrxmdyNIu50Pgc4OJ+YyBiLn4QnwMJBmxcaWu7mRJbnTLNaA+xN+jcZfIS5RL wYkXtUnn1CcH4Uru+nL4QSe4Jf3DKP2QiUczQhEWuTL3pOz+qJiWDfgyBik5WMvl Ei0U97PdQO1pgTHBcxXVjL5nIzpTyB+S6RWdsdSyQ37XXMvIoiYLPp7QCihJDgI= =ipgf -----END PGP SIGNATURE-----