This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 16:07:40 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 26d71a75a0c0da575134bb9f74423ff9c6538a48 * md5sum 34a61cac91c056704956769cc224e145 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWhDAAoJEIXCXpWhbrlNHwsH/i+ApLrnklsyeAcYe+QAhmEN AlBkzX8jXhYiH9y7hSBs8cRpv01mw3HvWygd3RMjRu6KcgElPkmjVOk/64h3ZxZU Qesy5gNmnmpP9i8Vh/iDzWCCBFNAnGa5amxNVC3iKddwRp4tRQUGT586SaPoq186 FWnLL7TpY+i6xnlP3Qp5ErtowtP38TTIJWZyZu24z+bN4gexzV8Q82JmSn5+Hu+y 9lDh1zAEHLXseIwXV8BYNlCPiYrdVHqeUu4+8I9kkNRzYuVgeEsAWRim0fni2yTs pGDUSvNv8spxlYos/4sneW2+emWej8fvMqj9aCMQj1QSZpf6yEX1kLBbFEQph9w= =CkeA -----END PGP SIGNATURE-----