This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mongodb-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 09:38:47 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c76916e37c7729774b641c7b60b5d6f2d011476f * md5sum ddb5d164694bd515ffa5c858ae959677 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl6dAAoJEIXCXpWhbrlNfV4H/2j29hCatmekVp5CPkta8TSL wxWDCfF/estq9veCPj+KR3mqxtnNiHtYJBb0JgWFSRrxx5AgNLwxNSdlK3uxihOL VnU7PMjinLQOmzwZFkwnU42+Ztx+qu9XtXmez9KjXy8cTQP82o8caUqigrxno3sy uHmKnH1H2cIbzYtvOr4WkWfSfYlYFRqzthkfYOnlPfNQp4BaXYh1kRFXcqJiCXLw NGcTpMDoqxE4S4t6+MuRjYazsPUCg6Y20nxACFTpOFKp3yAtmHxs07wB1RMtnKwq IuZUjFGp5z9yTMGzSqfD9CYtjbx4ipiPRT/WqehRPaj31i2B26pQku9pFMXdfCM= =vF4V -----END PGP SIGNATURE-----