This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 22:12:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a1975eaa70f8cbf748d4b9e0d4fe34f94206d1e8 * md5sum f2868d55d89dbff0349c3203d451aefb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmZaAAoJEIXCXpWhbrlNqt0H/jy50iBPJ1zfjHCIL1wHD5Xl C9pRPHAfFKVzXiCdSus19/3EkkKOdJXv8YOv0Pl/zN4yQhGZb3Mf7ZkqRttU4HR7 TsKhd3fG8nNvhJktNILCb7l0QopEoXx54495ydgMEw326b2Wx2iROkdC/C/2PFJX dWr/KOA+te/vB5V1DILcV+ot1qJWMwt3DT32/iYiPmRbJWhRZDFY3bPp+bNSY6E6 HKw2CppT+7NF46bC5knK7/ylPzKCCQRm+TKrackgxBEfNT7hjaVJwo1NIwCDnDqy tEs5rzdPCA+lPRlfRM1t6LHc/7lm7S7kK3QKMArJjGRfgF56Bpz+AWRNgqWNxL4= =LkTm -----END PGP SIGNATURE-----