This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-zencart-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 11:01:41 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 01f6e6ea536ba35bc665c14990a9a30f3f32baf7 * md5sum 01812f9cfcbb5a8ccc0999513471622f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXnIMAAoJEIXCXpWhbrlNg40H/0U6MjD+6JKrx6qvzs/RPidT vjZoxkPDzvr6t3X7wF53mBf/PMdMnLCxWLJEVB3p+5xxfuicPaXVg3EQXsedthO4 CZiT/7ftMoVeX2sLVOtRhpmYsspw4MN56jk5utOgsCVnXFILBKWLTUS3Ji3rH3pY cY6RdNs4Z6tn3SdLA5xk5JViIpQtJQuoayuttJ9oAwe3QjYNbqUVKxsvHRW2kObF ux/FTJnvfFzquaPZhKDEAFE+ANX1evxKxaUho/kCHQw7Txexn6L+jzT/pYj71ZMq LwqYflw76nBmQCmwsiQzjKkUVkbXy8QR9j4TJxCuF1aL3zD4U5yfAbOR0Hba2gI= =h+bW -----END PGP SIGNATURE-----