This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appflower-12.0-squeeze-x86-openstack.tar.gz.sig gpg: Signature made Tue Aug 21 15:11:00 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 01a9b4eb5f9a1de44735f1231dfc5e346199510a * md5sum 147c116c960c697b94de76fa28037342 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6T4AAoJEIXCXpWhbrlNhXQH/j3u2KvgFSxNJs6vxTHdTkSx 6bJAkGusIJa13GPOpMqS5iWfRrJuAoBeWS7S2pEWT1VT8ARxDvJCr0zaTE8UtfD/ r7MqLwYqrG0J1sc8XhdmZoJGpetEAQ+XsjV79dr/Y6mvjkdvVWHA5oYW57XKvthn bv5+edqZ2YJ1PePysCtzsIbphIHzJY5bbM4HHTG4dyeQ6Fx/9Iyl6ZOiJaoG2qGU 8rhi9PvqGCE5W/9vXfDvjmjKyMrtGmAUj0V49nUnebUVl0dFWemO1JwTWJK5RCPF Uq9QNbb6c/dTW5Xt7tP8DbzNcdadRwDl79n5/V84b3gTwemtjYP42SgKzOIUcqo= =zSqo -----END PGP SIGNATURE-----