This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-magento-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 22:08:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4fc7eb753ca5e7eb9f9a6fe6dafdc9531dd83dd8 * md5sum b45503c8cb20364009437a56d634ca33 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmVfAAoJEIXCXpWhbrlNHGEH/3uFWxFTwN2xzUK1WZF88KXO wVgZd7/nv49nS3EsoL4Yfl+ITKBnh+kpEA+TznRP2qsHjTWJ6d/KDOD80vWkXdPB e7YszJzw6tF4JUL6c+FG+axywKvpy8DmSEbvSReNPsgtKEiVBrb/TbCtAruc0YJV bn6etP20WQEwLL/B8d7ZZnKWeMwie+Ha3qqZO27OFZILLkndUyBXIZkJBWgsyEsZ nlWqD+gtxntkDuuo6i+fHWS+IlG526jrsUODqv8IVa+p/FxMQGfi+SZfybpseLuR YInvziEukVGkppz1ryO4UJ4mzDqnYIXnO3OlaXedYTOiVwKuTTDsb+nSJwOsWeo= =Nu2X -----END PGP SIGNATURE-----