This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lxc-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Wed Dec 18 12:00:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7f867ee29e42ddc1ea11a1807b0d107b55f70aa4 * md5sum 8f57b7dbfd9bb8288c8d78d5b16ccff8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSsY5jAAoJEIXCXpWhbrlN7cAH/0DBtazAy4cz+sfGDJf9LPnl vxCcdFFMTjS2d3Gq6apI3DVrWmSsrBQ131a3VEKgn6d6OIe4RDjmxSqWe376dyZ6 DJdC6ok/jK33yAQggHd3foobbH3LaeEx5koQFU0R/XVqAjGd4lRGjOZgpfl+pipi 20bo97lBgoISXuGtWxTwxSWcYsOr6+BvLpEfcJq29CqyDh6H5nW+zGwo8NZzTffo RxEnmBmfdLm6t91Irh164A+MVFZdRGUCwHbymFJUURJ7R7aBMM+qpbKVyVtiApt3 yBFRoljzUBxGxUeioYjINshOxXYgm5VTQqYA4Hl1uHv+Xyx/Q5bkFG/ykiqo2EQ= =dhqb -----END PGP SIGNATURE-----