This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-elgg-12.1-squeeze-amd64-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 13:24:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 88d92043e4aadcda90d51c31c82ae1f8784efc4e * md5sum 21115f4834f848bc17ca14bc159f4bbb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRreqLAAoJEIXCXpWhbrlNKS4H/R6ZFeVObsY5GUTfwXi6rsTZ 8Y2rYg5K1rpVyxkMU7O2rIajAsv6pA0EbbpcEwk57TgF0GAGsWc7QGtKtEz8Vuig iyu+OZT3Wx8TMsSS0p2e9zJiQtCzmvtcrX81kEykQu+/ia9vBJ2QywpKe+bJ+T5B CsZeRoej+TXNs2vO1NAPtNopb2OP4BqhgfRu1PCpwfUbXogT+oLfDCQyVLBWzzp8 1a7s1BoBnioiSdv7Ofq+Ce4ljGvzK1KxTsiUaFxniwT26N3X939guh04AxBRjd7T h3VUGcYhlU7V9gU9e2ge79bDqeczrQ0FxISpWFZRyGjCiCkbfv37yA6iSbyQnJA= =h3b5 -----END PGP SIGNATURE-----