This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tracks-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Wed Jun 5 01:11:51 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e10dd41c99a9d6e8c443ee1bb63ee1ff2548b37f * md5sum d0f8de6f5e27f71499ce03ed9ed42b3f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrpBIAAoJEIXCXpWhbrlNHKAIAKxs0ULvJXKomCua4Ft21Qnb NQBB4zpYpX8KJ24eHdWTOPQegiAmxk4HSZ1YkeumyRjpKOyqoXN3vjIPUfG5moY0 OWGgeyEOCpc1IcZBJo+xfp8br3cygn8FU719A0H1WTbTy3Gderd/hXQKgCk9lS2Y mwUtChAzE8xRMUMYthSElks8QD5X0wRRR0FAsqutHUepmF+t/0jqetYbIjOu6Eme e0wjIblIb876fbHWoECajYF39GQ8aeqz8jGTflTtBNkLoYLBL1qq87dU9RDkW5uX pGz9u6taDC32FMc3IHVAJjm27kq19Qgus7dAbbRHDbiv5+SL9CYFeTmB/dFXlsk= =5wMZ -----END PGP SIGNATURE-----