This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-python-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 19:46:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2e27a10d5d91dc0bd71ba0d81e48bfa446572214 * md5sum eddfbdb415bd9f400cee8918bc5aa663 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkQeAAoJEIXCXpWhbrlNyA4IAN0yq0RLr85xPyqwDGaRB1Z7 yjiB2d3ksOtcRUIiVhoyliOyVtf+eUuKZf/i5UA9RO188kJiKRYsXV7K09h5IkTO CN2QohpFOAC+DSrHiXbGXE/UdZPJPDwhpLpxo7hStWZ1AsKJhy1PM5RGW+2ko1W3 3ALjFhY1Dj/RlzH6E1MySWtbVVjnvMQPELicEfcN/hbSW6Al1KQvMGmfmywzAk+t Ibeoa69S6bWT9Tz/ooA9y8yNQKoGrl9QYmbltbRe8XzVDBNd+fbN9DdI1e32kU0f feAh6giVYOLf7wXkeMZhDDS7n9GZgZUW9KVJGB2xx1FEi3c77LWSdwUtfJDIu6s= =xDdB -----END PGP SIGNATURE-----