This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-xoops-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 17:22:27 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b8541bff8d79e7f36f3e1db373186978b8dd77fc * md5sum 405f55740cc6655d74775bf86187fe14 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRriJLAAoJEIXCXpWhbrlN/F4IALDtM2fyCtkqJ5gcTeMfkUzU uFr9aXqgQVOf3cXvWzdHlrBv16Ha/1fsLDyJgQb4+0qAMVr8325mMIsabF8SDnjC yAqSymW1Ok7oKOxDo87t177vdBpOcAeQm0inKjkGutqNIKNmYsowop5fFmK80U1I z8hYFWjbBBsVPG8tYYDOXLkxMM5yM+tfEVEYc0gAyZNvf8u+1Vd76krPAoh3WUHs WaVMFOrhk/zauqE2Uq/xg5h/vW62yyUkheTjeUQedOvqVwuaRN7EYiuJTDmPdAE7 lqhDPmrGSfdu0tRxA3Sn4Bjfvf+WLFNzktldn2cNmfVZRV26DQUnmNQbiW99IN8= =/QOF -----END PGP SIGNATURE-----