This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 16:40:35 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 82a27d227b0ab43c5ff3feca4c65ae84e854d1b5 * md5sum b61c5bcd964467bb056b74d903015686 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7n2AAoJEIXCXpWhbrlNdpcIAOL7bZOHX0921HgAtIwiLj1O 7Yvb1XnqIjPjoZdd+rHz/h1/iV4paLLNbkfEUL1rbPsp8Oq030t0ZksS1ik6Dc/s VE2sJwOvGg+8aeuBhsSPsLwSmE9cbHbdNfo1tBnwNr1zveb8Lm5H14OYVb1PD5pB /WVMG3OIH0DM4Ns9aSL4M0YOnpsCaeVcVwmIqheQhgq/0id3Kdl7Qp2LSYIUU4mQ Bm4RTudQrAOOallnIU0sjh5+VvT3/B4Bh6L7oKA9lRsmBKmNS9pZiCVHqDf/qCkn gFeG9O1qAJ9TE3mrEC3rWl/8uAjOzDOD4iJ4zO6BQn5xTiMAG0g4XzV211I0NnM= =98X/ -----END PGP SIGNATURE-----