This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 08:55:59 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum bccfe3ebecafde5f50b0bb1d6f8e3c4525610060 * md5sum a1efa9cf87976b570138e1144f80c04c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc2yQAAoJEIXCXpWhbrlNHJUH/iYmN1Fc7vfmqhD5h7GAjD7q hID0Ad0U1/Pb7vi4YENwTcqNHfrJZ9g+J+HhJezb4jXEXGZdLtObjTNWWbfKoai4 JCRT4VRhdl8t6yK2Vq4wYDca1qH81KUqZ61dr6EA5TpLUKPGXz6uFuMoDduylAiX oakxRun62+MNs57KELEaUa9vJTBwMHmchcgnj0tsYlSrMW20Gvenk6N9FcEVo0fH rB78KLpQc3ucWzpreWiwdybWjLbP3uDJQKUS4w0HFTKUx1s0Dy/s0GMEpz+NU/xj lAGiAC+jEDGBFN5pCXPZIR9CzbXB07hTUghAv99RCjK+z1gr+Vkrve2LIb0GZV4= =NHw0 -----END PGP SIGNATURE-----