This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ezpublish-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 21:15:33 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c0e0b9aa93c6f164760dbb9da0de3d245bb7befb * md5sum fdc847a924c48b7c7583396caa30fba5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrljnAAoJEIXCXpWhbrlNHwMH/i6vhxP71fI9qpwspzj6WJKt d345CfURq97X9P2iKBqgML0t8JM5qz/m0uTQ1kUFFPSBZQC83iQz8fq7k0nUb/41 h/N8wUcGRm8Xh58ltn/gWU/8iV37rV8lD/G9tbTJdKUBziYJTE9ZTVnwfBSfUbkF 1pPEpnpFJmIu/PHmb4KStfyeqRxPbHKjBjSmdmhrFA+GTtpifnvnyXHSwfso0p6R NgxuGLp4gw098n33jgEeUChNKhzWrIkkrlCtswW2GhBhz9QdVDFI6Z+/zR3VmcK7 o9Nh/cYsmLPvCyWBr7rmgyI2Hgev8mPiu6FxDzJky8tHUmCVqT3L2a3y0pD5TgU= =2OjX -----END PGP SIGNATURE-----