This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-12.1-squeeze-i386.iso.sig gpg: Signature made Thu Apr 18 13:12:28 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f19dcf1d90a58f5725278b9f1aec9ddd61ca89a4 * md5sum a1665e610b84ab73fd245954a8a79ea3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRb/EuAAoJEIXCXpWhbrlN8j4IAK8rWDhA+mLp300e/Pb8x/Ho fRy8jluWjX0bNW67LvZsYvCAU5LHntXLd5qXjjtxJxHltLHYHvUBXy8dnpDn9Pdc 2GMO57bklGPtbn9px0jzK1hr53W61QmIN545Za46o3EVFeD9qH6cJj4ENPj1r0/E erMkVT9a52MTSx1GHwx5akdKBC9ubil8jaYOFfL84Z5XJYS3xZSSAoX8DEML2fqe YivotOc6X+B2+1IPRP+IMjqLNCujkUFxUEMdbwq8IPFsYSA/3oN0OY/7NUXpVfmj gfPFYTK9J7z48ikArN9J1q7Bu1ZeRJNqBQ0s/VXyYcc/rYlr9af1pSi8aYWjVV0= =93wp -----END PGP SIGNATURE-----