This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vanilla-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 10:53:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1b77653ea8b07872d5bfd1a63ac3355a94cd5d51 * md5sum 77f44e2304e1882ae5d74d51ff76f0b5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXnAPAAoJEIXCXpWhbrlN6m8H/1jiPk5tTrjcfttoqgz+i9vE ZsSrfIpvq639UION/6B28sf6c3cppq7BvhpecKZfQmj41W76lUt/4V/2yYTKfeUH NDv3T1XymCwTtqZ0Ll/pu7o2KJBf1+UkQKid47SHw2GVDA+Ds+c19P/ROnS0mlMm c+L1WO0zSEBEgwuCJ2VbcJcCO0UEUKn/4vbmLe2N3x7ZrN9XPgVqSWVKXLE69JXB RvM72OebdIzoTsyk9TUk25iPNVbbwrkjtmmDbmbGKxZhyW44j260ieAkNgCaYgI4 fXur2L9G756iHMeo2P2UvZetg47LIsrgWyplf75U2+00no3rcOHgaliQ8OdiNz8= =rhI5 -----END PGP SIGNATURE-----