This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-apache-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Wed Jun 5 00:51:39 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 12a09cffd924893aaf2e9bcffc52ccb1fdc2ab1c * md5sum 65259139a0b35836847a2e1df3213382 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrouLAAoJEIXCXpWhbrlNo2EH/3r74FM7w6B0AQnwUAd+xmtD g9LzybPA43S2uR8SJqVKUfguUD5FnvIMKaZt4pUPoPY4OmMn4g1ctmY1czdDKBF3 znDKCPrmVeIXu85x5hlDVSg3Ag2QJQ2/udBYEAlsQ5INUA8GE5EMY2681S5Wnr9g RVLDYEURk5Xuy+q00HaY4KzxjpEun/+vhkTsC9DLyHdS54+JX8M7wIE38xCj8Dcw m09VkcYcOhi9Ah8JvYRnkR9tJGoVwDqTigxW/QzX6OsA+E7xVKvg/Yu4rhvKtmi5 OimhqKwyYD1JzFv4ch+sxqVC4NbW1Fvpjk7UTA/x260PVJRwgLanKU6/5bJyk18= =dP4t -----END PGP SIGNATURE-----