This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-zencart-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 20:38:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c4407674e6e0ee49fe12d6d583d89801d6a6814f * md5sum c7570aa781c3c31c6b3071a034e37f8a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaezAAoJEIXCXpWhbrlN/4sH/3OwoM38LMjCFfG99PskCBcs 4bP0Hcyp2B+yMQUMt9A+B8rGJwq1HoLpT93QM4XhGPQcsGqIIXOJDAXw69GtgiM9 zcY+6jSaefhoA2iYJSCyAkovilwTMQZRJcMMgzX/djhlrHEENBKTcKlhv9IlkZON kPw7L48QuBuIFQPfVtEl5JVBpCZkLQbJafNcX9/W46HoZM94eSKva20Zy2+qbQAw IlH4Bn62qRYRhA/L8ew/wt+O/6HAtMZTTqOnMNg5PqsG+Homw8fVsODdNo9fhDL+ jBSRmmSHHfpMmx3jneixa1PIejEmNvV0IbLnDwin0v/aozPWNzVg1Zqn+EecWWw= =BacB -----END PGP SIGNATURE-----