This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-13.0-wheezy-amd64.iso.sig gpg: Signature made Tue Oct 15 14:49:16 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9f10b8023bca8cddaf885f4905ca6a2760abe565 * md5sum 1c2e97ebb0afe3cbda7af7a47bc73966 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXVXdAAoJEIXCXpWhbrlNPt8H/RegH4qnZD41n/RGRrLkG//D TTuKbPobkJZe/26wfMUblNZ4+4Hd5ar+QCyX4IjSKYAx+yJE9Yh9InFTZs0ngeku FuRKsOEwKDduCvpmta2rtxSmfwCCPvLbzKdV8Tz0N98B2T8YiyOzSU0qqbokkMkL WORXzagl8zEjXfG+vGwQKKU+eUMKdY7PUSBNbRBXVV7L1cRVH0fS2WQeH2ZzQL1F HZHnnTFq6nfQd8MzAOKW6vqqhDs81uMYBghUjWlf30jPyLacqvmr4tAEVE5wc/vX cnXum5kjj/8ybLqeJVAa8k5eFZ9iI2aOG5nrQeOBj2Wm/UVNzsxIjjQCkd1J+mQ= =5uzH -----END PGP SIGNATURE-----