This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lapp-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 13:55:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 34eac79bd490fa5eaaeee549f561a64dc2a8f242 * md5sum d869b6bab02fc126628b62460d69d239 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfG2AAoJEIXCXpWhbrlNbQUIANOLuBSllKKVagrPsp2tYNTn vNj3Mol+p30Ccw5znh4wSNyx/udgV9W3Hs8MyVKitQsM2e1+ZupWyux+uvE+QZQ5 Lj38NzQw6/T+DSd2Ue/P6UGLmXgoL9lIe77SKd6y0Yw8kcANWgOVer6gQMz8Os7E cMH/cnC2IzqPukSy3jky1xn1x/tVlMbJ4dSBoIVslbIdoIzTaqjunqXpKnu+oUer ywmMxrQ6ZDhSjxN9DA9ikpDQ/9wffO+JYq114uEFfA+b+gLC1Yb1uaQTgDNW/klI Bvt3U24jKolD4J/OzYqNfuO15Q3R65daMIZGEWtI6pDSDVsitpyqYU4x1KcYN0I= =3Kd/ -----END PGP SIGNATURE-----