This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-13.0-wheezy-i386.iso.sig gpg: Signature made Mon Oct 14 17:13:47 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4c7205d0eeef291920c7f39a6c38da5d6cc8e8a8 * md5sum 5f9fcc2240ac77b9c0d2961e5ac31e5b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXCY3AAoJEIXCXpWhbrlNzqwH+gOcJ2JuOw2V33fMFOF0wswr HhNS6pktBKcX9Rj6r1V2/0VNNZxnjHBd681vH3r+I2P8vSKnXazo8qRsv4roGhrM EHnDfAlPr4xZ38Yx6aJyfeDc10y82M/I7pT67pY/MvBF20L3DogsszCly3eeQWG1 JTbrB++jFLD0LTbCfoWa/j+NZZds7nm6hqO/dKd8OivkheEnA3DtD+KHKQZ/sDtP q5frtK8fft/KKoABF/SRLUcW2q+3zFUyxYyNF4/rYdT+BsARLyQNrQga3E4hoshX dhzoQ1BTSIwnE3OEDkOrp6BmzN7Nf2BadHPFNjc6tw2HNhOsyi/looqe9erZEDk= =b9TB -----END PGP SIGNATURE-----