This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:26:41 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 37951a5d57d1932626f58e8a5d86ebe3e8b4137d * md5sum 1195070709eb9e0583fec46221f841cd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6imAAoJEIXCXpWhbrlN4GUIANLju83d0m58K3t/dBwrs3DF ZU8zUpOdcn0xKy0+WfaX+VJwIDS8FKgCEoeStex7pSvE548PLvt/3SDB+61Yb7Xo j6Bxi+GHY6MMaEzlAmZbCNNdzOkqeUwldo4vFaFyBe8QKZPnHlxjc5+12T487jPF /+3Bm2dquvPBN1GSk+e81wK+PCFtdUU58Dd59XNEg8uZ8GUcosX1umCz8RKWXxVD 0GPEOzRFTRyq/BolTJEBrfL5tiiU3Og98Rd6XUSHOHkv2XkULjoRSLoQfbg8nLrT lq/WGtuNtBETvCIsmFVuviBvlXjRElmS6eP6L+8OBEncHFRcbz/tnxYlH0vsRqs= =RkxF -----END PGP SIGNATURE-----