This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-torrentserver-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Wed Jun 5 00:59:27 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9f2ed595666700056319e6b1b206b06f47a5b2f9 * md5sum dbe363079cd10b31ac0f8f87ae152689 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRro1jAAoJEIXCXpWhbrlNbcoH/1YWX09HUlJkLECgvb5ByrJO Lnmya8s0q3WbjVU9zmeuWT2j1+O4M8C7/twpwQi6SFmCQiqBrA1f3NokV1xCXQY+ BPTkp3CwGl1y/JcGRK+ZA0tkE9j0dn0srCkkm7NhZDSGqlVKRGhjkkpmBy9vvA7a AdH4h/eOhhRGm5aBizBx3qrCO4M1ED7tSRD6BlEhGJ1+fXERCVKV8TCjOPSYvEES w6spY/l84FBx9VRcRb/s2bItVS+Q4b0OKR6OmqQj3muAEvE5za5jTyPuQ2FS+Xht AtSGndpUfCR/ElnEMji0OZRCv1ovLIoG1QbP1zakTw3jbCX4sqCl12+a3R6XdiA= =J7EW -----END PGP SIGNATURE-----