This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:31:18 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 62c97b598a3ee32cf6febf4cc1ea7c4325f912a7 * md5sum e9cdb2e863ff901b30f13d75aeffacc1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3FyAAoJEIXCXpWhbrlNMiQH/jTLNErclsWUsBBcEtEOHz2D XuG7YacPymrUFLkEPonziKrFGraGtQBkpteaghJ7XoNSI6YVpx9EWxLQcuwgeqZE wB05iOcEILMAE2pAUXSCG/mWk/cT1vMqmiJR0S/9PRiu97aFglZwAgvnubVOnaH2 sWUGskd+/NoKA5WwibizaLrPwJPUoIWfsA2qlsg0iv77ozn9IZ4Ag4mafAsYf/Ld j43yN6z9vOyxhjX6X/TJObONjAih3XfzD0yAk6t6uJQxO5Q+YVahmKxk77E7+sm0 Me47lJyIUj1RyraSt5FokpFe1+sSTCoU6jxa/vq5MIaIc42W2Bjv/VkLmn6UG/s= =6wgI -----END PGP SIGNATURE-----