This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 20:48:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2aa3a5d31ffb1f1bb3f0846bd6d4eddf232abe70 * md5sum 1b5fd62425ef0b8f54ebd22cd5a7986d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaoNAAoJEIXCXpWhbrlNufMH/iRnHp834thOYB2MPqtiX5q+ 14qhm84l3oSojiXty8DCuifaahy9OgeAgheqTSmDjA00L6VOYRfN4e/zsiRzPJrn a9Kvmfz3KSJd5OjT2yqMjhwycrulHhAmSkkXHGO+iXTiNm31wPVCM63qqk3DWbos /LFetxq0zBCpi9oKWduQfWTkxl08J8Qkgkr3pfxl8cbKD+2R+ATTy/QbJripqf6F 6zEQIk3/4b62ShJM9ZKTc5CLL73SsuMW4i0zMDuI9q0VvkaDfqxIKiNBYeeiQuzc Hlt+IymHwexiym91jLXxVujJrUM9fY/VIp3K4O7kWXx/+W8G9qNPornckE/YA4k= =VcSV -----END PGP SIGNATURE-----