This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-appengine-java_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 15:05:49 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a0363d97b007cacb6ce1536185fe13a04cdeee90 * md5sum c78c8f7ddc20c03d3ddc4c5d49b4146b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXVm9AAoJEIXCXpWhbrlNw90IALX0k09ONX8IKtteLudk/mhD OBiAonx6i44jBDh/x3rsAJRlQ43S+xkzMOpbtIZ32vXkFQAk3L585VcGKUT21yow mGCOYJSHs2AT69lwS/3iRG9prJ6Ny05KsU1mvi2gIq/Wj1ege0BDxa4HG8TtMJW2 HGCofwVTg7HCG8y/p8Ce5uZGNlJHn1Nf2OxTQ09tbl/ogn7KnGXuRjYD9kmYWyS0 WaHIOLl1KQSDsmoE9WSP7uMGVsiXujdHpFqvS7kTXwVSzuyMzIf3uw3YdKVOF4mP tNtGkLC1zthTYUwe1r8yqP7fezlYHlDR0vc8U3pSEWDF9lthSIeDIEoIaOeckUY= =1qbi -----END PGP SIGNATURE-----