This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:57:34 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 988ebcc6fe4ba6358dbe19e8a7f7a5054c7563a9 * md5sum 3dbd0d7f5a1005df18e5a511ddd893e3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6/jAAoJEIXCXpWhbrlNSboH/iEyHIHgGrweFARWtD0469uR x9WkaqSH6/itJp7MbIYE5sP8UI0rjw0GW2i4+EBqFXAX5sSR5oykK2JgRxeBLQ09 W6pQzE86JdyTV9rPKm6xl2ieWVP14kYTFTl8DypINnEQ7QlEZv1geDygnDKJ1/Ob LiPW5xn6ILhxJ9jJyFeSB+IKGjsCg+CFAim1LvGURfzNkg3OdEM04B3JFQ82MkP9 spnmVyXFMNqzESzNtNBco1T1WhVu4kAmKrJ3pbhWcl1LXPsVwQpRHEJnFvEF4vyL DPDMkeEMtkuT54HHGjPDEJJD04S8f5J9f5kqiq5P5/XBrcLTaGKEYIsmf/klHTw= =4vjT -----END PGP SIGNATURE-----