This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Wed Jun 5 00:58:23 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 66420dc34a7e06bc2ce6f62b944b92849c864315 * md5sum a517c015d65c156120c9e86e0cc920fb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRro0gAAoJEIXCXpWhbrlNQJ0IAN8DGeymLDtlUo0YuVQr9ZlK 75N6p5rF0Z9dNesHIdqimAEdDmMpcbPAApLMSGQpSlO3xqci92X+taL4A6Dxl9df TwmAWx9wJGEMYBHf0q7F70IBqqOKV7iqRMYK9lzx9Kw2d6Vx16lfBMqmW1CQy/VE Gq7WDFri4ufLOjDByqY3uDuAn9Z5WgA095gYJNge7HtXUect9+arVjucU1LKcDMd +WgZW5ludGlhQbz6jelmXMxS/Q7MW1Mx1/M0lYIXEVwMA8/dfehoeuQqqsPVRV92 UURnws1UZA4TSfboR9csW45HYzZUOeWTKn+Hu5m4VZkG29lY4cR6iA0zfu57k/s= =zc1S -----END PGP SIGNATURE-----