This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-appengine-python_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 08:20:57 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum cd740720bef6e763453e78fcaea2055446450b90 * md5sum 9b5c165672ca34a018eab7fa63efc2d2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkxjAAoJEIXCXpWhbrlNGWgIALY/nFznDTR2bleMbzvFd+sd xhW+c/MYQEZYn/Aa6dYpk0EAbE7cnZ0aa/bG0a0Ox9a8/k6Kyx8XJaxPwsdgX897 3MV0FO/0KVr5BdBxKaoGgxLBa0EsUPLTomKWClhpElRY/QokZ7Q2vZMBMzZqXVyz sE3qkez5HmoYgpccEgssn979XzXimURDKx9YI4RQT/3y9Rq4EJkvIv1ROuTlx5cR BgIy/Co85SzdDzOXztyfHiHexcUBYivf2St8V5m1w/3SdkUJ6Acb4aoy+rjjWy1M kICbnfow1Scmyn7yvHqLvRry2/AgRsUBmCWm5I4r151JTlrw2LPxExme/tYO0RM= =KUY6 -----END PGP SIGNATURE-----