This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-icescrum-12.1-squeeze-i386-openstack.tar.gz.sig gpg: Signature made Tue Jun 4 21:32:31 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 534a44d3be34b304cac92b3605eb1a2212d699a3 * md5sum 8313f10d9f20884df50f816f7d2c16f5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlzbAAoJEIXCXpWhbrlN2jMIAKTZYAproReXttr0VZr7Zo+o XhW2coZHmlr5t+hXKmrS56+wvU0W3aX2tjVhuUAnFWP/qzpwrcU/FOVL27Ii27pg SSv1S4dspP5UxvUr6RahBZcR2w0yZIAsRunD2UdHHWx+vZn9SrGtk2fpUPG0B9W6 nyI7aAZMThtL5DhUtIreLv+1zlNej5tO9+RqHrqMVVPIGzedyhnDNJUCEEKmw7Zf GJMxDRtGT1CtCXZSz8kXOQKhh/7/5A+D6kIT7WaaljnvKLoT/k2eiHDDI2iufmpP gq/Dvxyftg5VHvD85DcGUSiVZ/5IkCJGSl3klC7yKhRx41FQibfD13CKPyayKUE= =ldW2 -----END PGP SIGNATURE-----