This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 17:43:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum af91bb84606ad081d60750818b835f75cc4c70e0 * md5sum 6ce9cc131620947cf51ba3b01d085ae5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXX6gAAoJEIXCXpWhbrlNvnQIAL8eTw3TuifFEOTz5sQa21t1 AaZXoTRuUbPIi3LZQuAVpkStfAJL7hIKH+yzXMwid8Gq25vTPesb1fZld2TnbGaH ReJrAwMgNtQAyoSYAoD6Dg3kfc6s0SeIwoX/Bsmt1tPU2XlrygV7e6l5iyVRri5r NiO0VRiiyZgv33g89vV3FkUSYmGNmjj8rC8izgeSTRZoXW1RBVSGWWTtFZH2ObbE c5S1Ewil0B+fdzIKh5A2TI+WVyIZxoaXye4lpW5O6DJkxLZcV4gzMQWsOKopwU+s YcfJsnNwc0tjLZRNiaP2nflsNXLTrQZ47/nYJ9T3yAr1SIlfZSBjI+YqL/chEZ4= =6IVF -----END PGP SIGNATURE-----