This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 08:25:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c1082ebd7baab129f1dd172285a0246b3c83b620 * md5sum 661213af72890a71a8c7764801b0d650 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXk1tAAoJEIXCXpWhbrlNDr0IAKXN0iNRbIpifNUWTpdymlOy q+6nX5dOYBUozIB/v6VguzWzxZZBHPQxeGBExcwHLPW3nmLJzzSvLmCy3Rv5WyK/ e02x0WCitqEwWl2lyPww2IYlx7Vjs79jc/nrMX7pBPeCh8zNUN1ziE++58C79LTZ X3KVKQh2hzLRsXZd6AsnIJF3/VQGtgUPEDaQUJLWo4a2ck4PlLLVrrwxt/O7So7X LX7o341rk6AKz+IPBQG7gjnuS+NJIHdXSgJaaGurnGh6RYBX/d9H3ixuKEcYXxEZ bJrvqhUoTVH3ZaF+biDq8qge+y1CnO3mtMrxosM/ytMtWNqV2baXOJ+9A9/T2jg= =k8Fs -----END PGP SIGNATURE-----