This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sahana-eden-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Wed Jun 5 00:04:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 00e1edebae1d70f89416c9ac04bda63854c8bdb3 * md5sum ed1311a0aa13b71241a4b864d4d5b932 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRroCVAAoJEIXCXpWhbrlNquoIAJ1w/QUxJQtLd0BDZxG8I8HB 4tEXGolEypgYs03EOSzrboh4d47V4WQh0Q9qiRH8N9j6rD4PGKxMnH1K+4FWe9Ye bBXSr3d5vxILKe088qjRRtWdMu/H36kvHb2R9xOtNPoGH7Wm6d0eyqmr0IS2kicy xdHUSVmC35cTbget8CMPw0yK35M4mkyBXS5Mr1mMphtrcDKXdx/Ml897CRbH2gCu 8o41oiYQY/7PUZpBULHkFpw/wPPdPI61bBiG6AKzCUD7+/9AjofY6O+n5F4PTz4c DsHOjL3LSYouEESheR6lfQmz9uHNkVHE/qylXoAghWZl/KfkKdN1KDbgRMqHvMA= =Qwj4 -----END PGP SIGNATURE-----