This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:31:40 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 992b13dc5daa00903cb79ae427fecd45642d1b68 * md5sum dc91a6b9b24a581b55cd4295650a8a4d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3GGAAoJEIXCXpWhbrlNe90IANs2WDLHP8Yl+8gE8IcNiJ+C L+SEz+rFInUZjwz76yc6Tsc1rf1281ndRAb/U+6SZpOFpp3Vfh17kIS9kmlpfi0q rwZuI4enJbDr+/gZaHFcAsnSuiTHSvoW4vUm3lGJj3/U57prAMwgB6iSAtJRShg6 5pbCRzak7K+/pt/rI8o+m75MtnA7zABWklbT32uqziwTmjEwx/4xW9eCiGRmMiGd fFUAkigB9EUob4FMh9+UwDrfoejEiLi5rwK//Hw2fpiyoI7xvV8RieajZOhcK7QT rX6HNJ9O4d1Y9W9g8d0Br2VYCkIWAgbtpPuuOFB5bIUDNi1xyiQXfimTk0cL2RU= =BaAc -----END PGP SIGNATURE-----