This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 22:06:05 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5e26992207fdbfe3ae5135b4ebd958c3f3b70d7a * md5sum ae26b3a266499f197410e0e8445e1f45 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmTCAAoJEIXCXpWhbrlNwqEH/j5xUi19IHrXvcdZrX08QqCf THQLfvUC88zyg1/AY1xL7HTOm3/WnS2td6DE5eeHc0VAxbw3Ymf3QlKci+RciseR iSFLPjhoqV5AaxI080dH5YbgRAMAVDWq4eq/8YVBi0t1HLDMk4VU1OLKi30Di9fj AdvytwjgQRMI1WJSmn+dr+JMBHSLTQlqDObcOU0G/hoBtNlMO8lu+qHVw3mU+gnG SpBF69uJBZ3IBt+c+I96ajZ1Qo2Zwx2Ty7E/i2TcrcpCOOw41tPW9kKkdsff6xqB vWKojM0wQVtGkLgIJWCD0abHjXIS+jVJx490Fb9ySmvbFc7nhM21ulnovPmUU5k= =iBeA -----END PGP SIGNATURE-----