This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simplemachines-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 19:29:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7a56a0aa6ab5de40f265c45ce11329a83e5a60fa * md5sum 55de13bd3d9871cb603e2afbdbc558d1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZd+AAoJEIXCXpWhbrlN+mUH/A/0hoFAI+SQnYtpNvo9Rumt rBETwo9YOpN+Fdyt5VZSv+iPaA4vsO0BDONPY/kXQTeWJCwU51EVouFBhcCyRGrG 0O763qYG8UU38RIaBVeCB2beKBw+cicaQefsp7tdVdxlK3zUhQVZLCFE2G31+XYT 1j8INJHfAPkhXq2BA9aU0W7tvYI52wp6nwX8eVTX/mOgEyhE+wft55qLJ/QLifM1 t3KZxLx4kvlslrCPY/iQjZJqWcCIPaIhbVLPdjWWKGE/pTYZL34jo/buwYHDo1gl KN25quZ/LLx5ClQ6bI0uH4tG0aYpAD1NJH4OYiPwhJ9ZuBVrkSk2MZrXOjow46M= =CRVH -----END PGP SIGNATURE-----