This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-projectpier-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 18:24:59 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b79bb886f0383d757ed4cd567c7a93d67007505c * md5sum f5788c323887de82c76a345e6cd71b5f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYhyAAoJEIXCXpWhbrlN4QcIAOvywEEVP83z42pGz3PBq9uS m9vm12+PRe2N+kj5Rorrp+CuTfQd4DuzOGUsBSZOcPOr3W420BokJlzLXIsCI9Qa WgtkOPqGlCcvLBiyuWcSfrZzRYFoXTNx8xY85fYZsubqxO3z0HONUmcCAnlNdvYP PHUcKTovXjA2JEr032pjBj6nydGoNjK30vU31aduOMN/7s5by9Lle7TKG8WxVwxk ow2giiMLgy9HJRNoJxnu12iA9hqvdRgg4naVHA4xp8z8zCh/BX+1XAlwS5cmohSM bSuibllqOS8dG2n2Va6CIbqyOUP1p2XZ5gbIeXEmh5FAmyrmZ1+1ADa2Jcjqfag= =Q9Vj -----END PGP SIGNATURE-----