This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-yiiframework-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 10:54:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 80b202a37a178fffba85d5bc709882958a356aa2 * md5sum 02fdf34551866b68b632c01e3b6bbe8a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXnBtAAoJEIXCXpWhbrlNYyEIAI4kn+sC303PRqo/14mDEKqC Me9hl5gvxEa1FFv8xJ31fNwc9RNnab98NDWhsD3sPZ3TRDvEdCaSryuxgy9T/Kq4 Us0k40ohlndkArDozdPoPRQ6/Yue5iNwYc4F7mqICx+XwNyiOzipaRDsjwHr1dwB GCYGDvbGst+Nstl/Xp+13rBPC4kulxD11vNbaaWGjHdJRqHy7Ja1tM0whO6gGG6y LWBFLO2CbG5jsdZg/ZXiRoYkjSFMMDf/YfJ9c/40n0OLWorhr5dHP1wfRyJwlzaP q5gGloUKc+aTzJ1sizMx76xLK833h/6P58Wa/M1xhJmpSZx7k0cdhzAPtrQKMOE= =7ybk -----END PGP SIGNATURE-----