This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-osqa-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 23:00:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7537b777e4c20457034590ab9964077275015741 * md5sum 9b0f4d5a811c2ce35a8df643bc98ac1f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnGJAAoJEIXCXpWhbrlNXqIH/RXCqbnXmJDFg4dsZnvRkD9O u9Gspkx246f6dOolgwhqP1Mg4HTfQHXQYERJm2bBGvFWUYii/ZzZ7j5oB3bZ5ton bv/WX4dqWxsNZo6rCx0n8Ml3p5u4o8atBm5TN0cQ2slj/bmvD8Ojg4MnPVsO8Hdm Ah/y9a90tsoCu7QHwPv9NSLqXy/s94JVg56Lz6n+96FpzsKBYNAzUa/Fw9bgACuM IDvq1CL48oTQnc5lOmNraBEL5OwXfg8octYo3RYyDz/owqUdlYLMIgaxNadSJUxj 5uh+hPUTk96WwKXrDNopQybcXzlBpDu3YChLgJEAfuEzuEJXFGBbei5RR+gBc4s= =D6wC -----END PGP SIGNATURE-----