This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-python-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:12:09 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f59028bb4793f27984bdd19f39890f41847cc2a1 * md5sum eec63b5dfa91ca14d0db038d2228b5e7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkpQAAoJEIXCXpWhbrlN8aEH/j5wV4PalmkhvGt11KNme6Rz giTA3SwbnT9iGoavVTIwXjLZOTu1g4rnW9NhDGhLzXc2f2IXO8KTGzTzpO9fnhx0 PXzINWyVONSBZvidrU+2rzlgIekCwQAF8JZ81xuTh8q1iVQcMQfaxzEd0BHzbYMw GvnPqb09ybMQd13TzdZzVNDJMXHrgB6cXYatoh/XINEBM7Nc2Er3XR/UW24Djgzv ZkBLX8Y64cPuE9PqwMX7C58plWCeDkbgJFGvTSpLMiTaGXqJ8+ePaKIahjh/vODp 8VOaP+SsVt7cqON5WRsAZ4KaMHwkxd3Uj8edNtNNuUO3T/KEH/T7M0ClA62A/so= =HRnK -----END PGP SIGNATURE-----