This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 12:22:05 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 632764ffa4f8e7ba75bffa416b22686e6cbe751f * md5sum 61ce64c7176824d7b80ee0d01b39db8f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrdvmAAoJEIXCXpWhbrlNLbQH/1YJ54+CEONPDHtzDTEWVT0j IryThWFoK1ms9azK5XgjvSxBFqZOGa5zdIfdpxgmYdNp9Bm/D+a31+0hz48Wff+w y1DiV9+DANazZs4nESv2ogFHbQtswotDv8gLHVHJsfS6HCXAr3N8SHfn3Lu55XRm hY+pFDsQbvODPij8YFFj9fcaL6u3rpGlpRdhm4YikbzYf78rFXLsTVtnxAou3f0M VGyVndlwKZjUPjcX4fWUQxNYw3rYrlZQGKqfgJrDH85wYgNJHyaBKQ20N2Nh0607 wEVoFJc+gI5bcHkYGa1y/2GfiugLmtpJbBF6IS3BAk95XmXED9LK3yFJX14LUzs= =b9UR -----END PGP SIGNATURE-----