This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-icescrum-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 09:12:44 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ed3aef0bd7ae0b3f67a0424831c18acbfe8f2336 * md5sum 7ba390f513181cbe63add66d7e6a1d93 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlh7AAoJEIXCXpWhbrlNX5QH/12sPlI53Rc8viFYCxiF8dKM gaPBW9RYB7AtUfyQxXKzhq7BCnt4UPmMO7gvS8UessC7zsbSYGFYAUD9AIaR8nBS 6rSWAdjvlPXwiWbhe8Qtp7sb+rclbekVXcYbh5SEWOnXuQdtpXl1EsaReics7H4i +56w2ypKUNzecb33tNkoOwg9OE4Pl8LpJoWHju0wcsjWFH5UPZXcReQlsWTOofSC r95pdqextHsUyOvpmxhDEhNo5uCc6ZmGxDBgyGdWGur1E8cRqUOYUZjF2X3XV2pD qtPReSImWi1KtoNHCGHqyTT7QYIuLT4l05673nGiuBfUYrquAOc6MXk37cotulg= =bQ6o -----END PGP SIGNATURE-----