This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-collabtive-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 12:56:54 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum bbdbeb5e0fa1be1dd83cb4e70b12093fcbae0bdf * md5sum f5a7869451a9a0768192edda7b08ba9f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRreQOAAoJEIXCXpWhbrlNNgUIANap9rOyeTAsXJdftzPJQnou aK8o0R3y/sSywKV9DWm4hjbMceIbbD6WeN2OL2yNcEa8XZ2/IjK5NOID+B2hp8eW /KBLfisJlw7e/w2RkvSmNTB5ZYXZUBZMdQ+ge6EY8dcB88JwLY7i1dBus2u/ey+f DvP0P3tfU5XvMtQU64Zx2lRd9qptHCnBtZW3mXVPN1w+xq/jRJV4FKDx53H5jlTz Bai/Z8qHV+DnVrQtGQ/4rs7n4YEr8QJe6P86AnUVffo+7mbBmxyBCZNDbcgjHaP4 B79uYFgxkULc/JPPYqW3sOjWpRC80d3MGbNFN8Rhxh/EHhu5/xOY53k2hWtZmMo= =rH27 -----END PGP SIGNATURE-----