This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simpleinvoices-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 10:17:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e0dd882645b93f81995b1a751c7c1f95a9ca75f8 * md5sum cfa452e561904f0808ba9773fa58f37c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmehAAoJEIXCXpWhbrlN9ogIAJelbsW7M2LBuSFeGRpyckeE qKmGXzfMkQNgdXT4J2+FW2Scy2BQ2goIaCWuzMFVXKqTqE13ndVAPVjXS4Kcp9k1 s5/LFbektldBoDmphp/OIizS60ddnpfuy93PgoW9KuriaZLXhin7PV3CNDK/xbLW m3xUJVliFI2nhgTB2DG8Tr/c/sEy61UHUitjbpCidAC01OrR+ltvtK9dPLvvWLN/ y0M+XDRAlWFxzB6Lg0/BJVwvHumDhmCgbZUMjsU82hdUyatb4FZNPhJv7kB82tTy MIUP5uYd0KhaqnmIunES+9iPno/49iYvJUPCu9XxBHN0GVcnXbuEaiR4ZolYTfY= =fKAI -----END PGP SIGNATURE-----