This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appflower-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 12:31:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum da231f0d70563fc3a90e9bf7518efbd5ce291eea * md5sum 0540203f069c84b143b5090e3c0c0039 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrd4eAAoJEIXCXpWhbrlNnBQIAMj7XIkWPurC7Wo4Pl7dgjAs ucFshS/UU1p9nHIGnHbEIihu+SUZ0dAq4YjivgL/eXAFFipVQdPxWl9YHXEGtuus eTJhk1HqQlnGT2Ps4sDXH83B/CvUf5RNhT65d/VTCWcZGW7RWEn7Erb01YCuuBZJ fpBf9NY3Kr3S/5dq3xP1BEhIJGUPyCEzvmur12aLMnks+2QlMM4wmL33yaF2pPkF xvXmH29Vdr8Ydd+z8PVZ1lFdEB7EHwIKnzRu23wIavZDCd5p/At+tGIss0sgo9UI AZXSAvubF91lxesAMgeDhfFXK+PSJ1aTIvPG2137NPHQDsN2mcUe4+l7NQKtwGA= =uF2k -----END PGP SIGNATURE-----