This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phpnuke-13.0-wheezy-i386-openstack.tar.gz.sig gpg: Signature made Tue Oct 15 17:53:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6e5567532b4c720d114e723e287374e1a74ae4da * md5sum 600b9d20dd26bbc093f68b8f6f3e9078 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYERAAoJEIXCXpWhbrlN03IH+waKjAhxOj4c7tLQcF/T+iW4 wzUXv/ZknBSXIrgVofQC/bUyXkMnL16nDSzFQGXOOajGOiS+CRI3wNLAaxXrqpHK W49Qj+2/t3/FyYyQquog+rdHjNDCtnW8JgE7WSKSY7l6lCiyYR9cgUcKmQ2egbge eEh3d5To3M7LbKj8Bsj92Ui6ux3yJojYEBClMl0WQ+SqLeT7sxNWPh+szLDcc8ut tkdA2bMD0/yEtF2lEZEchujbbsAA8CbleMq93W6YPjTQ+3T9J3dg3HJxKGy7No2d Ho+K30YimHwf2jgojT5n1ci0Xj/xHWeayVbx0U8VlfJthn4mKgpW1uZpB8FHthA= =/1ux -----END PGP SIGNATURE-----