This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 19:51:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8ba3bed9f7bc8b8bbe108820d6758e4ad0937340 * md5sum d4461d85de4862cf3b4c2a414b1768df You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkUfAAoJEIXCXpWhbrlNyHwH/j3SP6NDE6iDQ9H9+XQ1s2bE b9r74lWGfJFulOS73zfO4Ychj6xoS7X2J1YRMD1UQF5W15S9Y92CM9v4f2Dhr3X+ Gfy+3fwYyiqQC+KShY2OOXB9Dnf1f55Gd5V9D/aGq3D6NgeESQMCMuEv8MOZ8STM 01+S7+diJO2AHRsY11PFvqwde37BbSl29yEHhG45GyKGVZeEr2qQH/9rADTWai+K puW+PF/0Y2OpSRZTK2fsBwBB6yaNPv3ELYCW9XIJH/yNuP2JLBcOG3YPR9wXIeGe dkTaZhMBhcdrcRWp9kDXiY+eOAXVmF4fhi6KmP1jW+Ok/3Bkv57SqUGnq3cn8UY= =nXtD -----END PGP SIGNATURE-----