This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal6-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:21:59 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 007d77d51e7da8a596c1f1eb15050d2763fa75f1 * md5sum 3328e4e34c797add9e9fb040f445717a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6eNAAoJEIXCXpWhbrlN5jcIAMqTwVfnwke9yNnaRg3I0Zbk 46YH1MdS7nH2523eCn1G2a0xb+MA+xM44zJ+VshvjNtpeqWAsrF0vERoEHmZykpx cOOuCpOA1FuTs1IuQDQ0fUFifYEPpp9C0dHmoUCLz7AT4X2PqA42AxnL0yiAmNC0 /jkiW4MkX61F8AD76ZaJrN0uD02sJOLHt5rd0Jclow2iaect/9kbRENBWtcCC+FZ qIPTTEnaV7Voyb2XmpnPIaoug8wvKf3KQq97cI+zhFvRbrTTi5fvY45bJ6u6w5oX QKmjsswkxDPvtUtLfr45TV8CHjSWKtdqky89tbGij2lGlcORlq3kTOOC+0PKuCM= =0ajS -----END PGP SIGNATURE-----