This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-python-13.0rc2-wheezy-amd64.iso.sig gpg: Signature made Wed Aug 7 07:31:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 36762127c0987d7a7108ae2d362c310750d4c808 * md5sum bff971e5823880e0581275618440e9d3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSAffgAAoJEIXCXpWhbrlN+6UIAIBMEGF4DOOpn7kW8Ocdruqq awiyKojkdXOjtZrONNKcr2r/gQw/UiTYrDUJNI6HxtApV+Vz5TtNX+WUrtrEOmIF m9tKfzpvGT0rztJdSvSfPSF7kPiNn+2p3ZAprSJkPW4j0aUxaIC3lJmPSbVYUeXz IWEuI5QpgeArlO6EseZL/GNZShog8vz8sVTjHH/QQMqlP192yC9ar9g2F3ZTsFWE 6riyp6hyp6qZR3HDIAIZY4iobL9F7C6f6xMw+aoe52lWYHkpJp+1We7SyYo7pnaS +wl57PQaYM5+Kr7fQbhV/fYHjLZqHy+m7gmKCIb4NLnc/DgtaUmpv9bTJcPdtnw= =G/yq -----END PGP SIGNATURE-----