This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 19:56:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 642ab027aa23ae73cc17ac76485f4f1c332a4a45 * md5sum 5aac1bb51bb1dd141bcdeb47f1b62689 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkZ7AAoJEIXCXpWhbrlN2tgH/iXy1VnrLVuc37vIbSiJrbrD bvJa419eg4rRJHLkvAl22zVFrSMeFVIRxvVBI+a0DbxE5fqxUTYB5Apk++1wRpFo CQsQzx39/hQ7MsMdYwNdGTEpDS4NfJawWLZ4V3KtQYft5zxAyU56OrNx388dtfgS 4PM4jQ63GZPTKicERC6Fqtk1Szu2W7AxDtI7xFE+Na93J7TU48AWiSf9xfvZSEv8 wP84uPUI1Q+MBmthH8lpcS/DuOpi4UPJ0/f5MHow+XffOVKDo3p4pF/yt6t8FJZy 7JZNgKI0S73TTNTt/RWIicf4Xza7aceHS+RDuam1ylsvXxDrPx9uNTGlgo7oNos= =lqbU -----END PGP SIGNATURE-----