This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-asp-net-apache-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 08:27:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 02f67a1780fcc7e4d5cef966d8c081fb2f04185c * md5sum a553145362d6e01b15da4f135d846d95 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXk3SAAoJEIXCXpWhbrlNKSsIAKYd37Ox+uyFAhtwc3yejGqC 521MUD9wgaVP+HKFDDWDC52GgBXPOoTtey/s3ANBH42+DYQJ2KF0C3x8OkUXqsx8 W+BW3mAZaes+jU4iMBnZ/T2MFvRoa9/5Y2oTBdZU+4UNYJLyWOm8tH59ltEJcJpJ VgicJLaIuK9fEPHb4HCnFfMyyGJKFwRApijLOnbbQLSbh5TFImufUlI5tvRh2A5T o03S46ixBy86gPhlqL7TefN56i2qLMiW/njxIecwKxmtI0FlNh9Xx4mjUCmKGjl4 Q+P7GyUeW+T3j+eaYUJq/35YE7ieA2LqVqFLXwYJvi2IaUevXSGrRneTc6In73Y= =IJyJ -----END PGP SIGNATURE-----