This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-movabletype-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 16:04:25 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum bd9fee9ef85dffe4000efb302da4b08b36a1be78 * md5sum 75b9f10dd1bdfd4bed3f1308cc88c12a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7F+AAoJEIXCXpWhbrlNJSwH+gJsYIn6FhDViViesElqJX41 r1DqpiPV6ZYV4YO6hvcUvxw+QJcfCuxCrGyo5Q8mqdm9m4Ofdq8kM/2RjD25GuXf ZKf5SAa1Cvi6c5H3rEfrBRV7bDRrAkiNAa1qnS/7wcnWFhTaDR4ZTKoh4rqkMmNd imrMXHTR7tx2HOsmaxvRN/5goRkwP0yyQg+xxjz4pmEcPx6KcqFZeF6FGzGJgcL5 tPJrmfDH2rIyQpW7mxnQYj5hFElqtuE7NISEjUWxprsVMFXTcALo7H5Yku/3xgJC nvlNxvYJl6I1gA71+EHuHzxuTmAsgtNwSDikjJXykdt9kWEtal3g9XjmtBOkPSI= =9D38 -----END PGP SIGNATURE-----