This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-osqa-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 15:04:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum fc8cac826578d536c89e731117ff31a776753034 * md5sum 9a3647b6d77a9913912a594174b23f53 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgHrAAoJEIXCXpWhbrlNxeUH/jlS+qoJXPR8I7E5QhqO4VEJ CY1RqnwfXELsu59E0f0K0EmYeRpoGMNBd5BcBK7yhx5uyKLb3KLlcCS8yWmYOKNz /FjSWORd+QQwyP2Ac90rTlLXDFC9ARWpNC+OhbIONJsIppKDgac/MTa2Lq5XSsGf x5dnYBWHnZLj2KChRYpTb7tJnJtqshJafxTV2Je0irldU1FX8VJ5xrEqvmYkqCxw OKBtwtB9V0uV/S2SIj71IL3U1cFynjzrfJ1JKEr3iWJMODTxeROdlxkcg1QbI67M eSU1u6zNTRe7kctOMSX4eAZlZevGDtYr9O+Xia8Z1hqgiXN/TJqo0zySKSwR6AM= =Qa15 -----END PGP SIGNATURE-----