This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sahana-eden-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 16:20:19 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 55624b0e7291414bf6519122c3ee73de7256881a * md5sum 04f924a9d373504de5945fe82b2d8849 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7U2AAoJEIXCXpWhbrlNcfwH/RMnyZg3NqRsm757/WiFH2HG /Zmj6FgXsT8KzXnU0goqzhFqDxHMMonQ1Ogld7imW0qg+xzDIyXS5CKTYnSjv/JC 6X0/mvUtozHMB4nQztNYabZeBPrgNp3qPHhF42louJrQNpkWvo8o5exbEHuioImh TSiT73KWrLE9kXvJ+qXwOuf1drcohLK+oGbcdWV2HmCyt4yzi+xFHq0fr+usWwFP 7OTDRhKyvtqr3P1h4TI/bm/i0YlkHKLNYyj2U29Zu+V0B+oECPEHCosfJ5t0SHwB CvmR+I6qCevwN7aMhOhEkjmy3k3udzQlTMhFuu6pk3bBu4nmIjap4UQ+A+opnTQ= =Ndy+ -----END PGP SIGNATURE-----