This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 23:03:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3fb968d7e88c2bb7185b4b431026a386bcd56a4f * md5sum c514e582a2d719e4f6806f98b3a87198 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnI7AAoJEIXCXpWhbrlN9rsIAK0iJOHXnFBckYQenVfnlF3L nvBOycp2XboCN7DUxhSNe7urw4WmdSpQOhnL8mMI39bKcV9ZoSS4KoU7o1Bwnvrf Sz3DipAwlawKS7ii2p/gHL8YoOWNezaIo1mSJE+0iS0unh/kbzr2dtASY0eGi8CM m8J59paS1sozUb3SoLLxp8qNcGcSGusLHjW79TRkbGm+rc0Qbas58gs1s0x/mgtA Z0oVGz2/XWMGstyc04ONm0WUn/8/YDauhNVz0m12z4SoN4+NJtAm/vRCaQK7jZik B4BuaJnoQpCiN+aNiY7NiMa25grtkaZ9SkSpvDIx+MRTOsrrne0lXCEs0qUDxZo= =Ge6v -----END PGP SIGNATURE-----