This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-elgg-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 08:49:03 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 54ae8026e95cf966dc84a1b786000691865806c7 * md5sum 9bda3fe275a193910ae1edeb3c41d7d3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlL2AAoJEIXCXpWhbrlNAyYIAKqF0im0IaQWtxZNJfgqddxl 9oN1Mycp2A7eet46zcWC3szWKKTIx4hZlR+QfD+WZqcv0S6rW7WD+Slpprbykg+6 UIJnjUuhYRQM1HnWr//WZ3z0vCQ1XlMQ6dSIdLoP2F8ZI/Jw//TPDiiA75XRLs1A VHZEiMC2T8i16DpZIaK5X5/INUGJzsOysly0F0S/HIvyFARbAmbUitPDx8ScwvCt 5MrWW/twM31jvB48qRQ/tg0EPsl2ItH7bOYViYseRwBG/i+sA5Zax1AQujWc/1em sirnXMyJ34mwQ+BlcYd7K3PW2Of3sEUDAUpGr6fqnj4AiacPe1lGjjdSdMzGP6w= =rJ+C -----END PGP SIGNATURE-----