This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-revision-control-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 18:42:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 21193cdcaaf72c5d5ca52b6be55a8692726d5e48 * md5sum 18bee4e42a68abee13b5d819abf40937 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYx7AAoJEIXCXpWhbrlN9ZUIAN9sa3zb0sco6GwOIadL+4WP zTAM6vLAjq+9AyBswWFl2Mu/ZvOZNRyYaHHx02HDdGWsttpeWnzbX5qzp8RukL0k wK9qCvRVdjPlPiItDd7+QTAHTWl/deZjr9XSNXVwNjfl4NTLTdm+A2xb0RXILvOd NFbMnJStJBFJH+j9cvOn2L4to1mWSy53yfTA/i/QF2dsg8aLUVjjhhFc0J+AUmNQ B6hkp+Q6prl2xGjTIMJtm0hmLvsXUSRgb4J4uJ30K3jgVL+8ofwWLuTSPxtKVPh7 lX08x70+HnI993q5unJk1k0o7oc0q3Oh2QW8j+KPW6qgXGKTjzaw7kGZJR2TqGA= =8XUP -----END PGP SIGNATURE-----