This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 08:44:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 128fbbcd20dbcb0be5c7370496de7298f4209128 * md5sum 561a405d63bc851a1554178b691f6600 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlHVAAoJEIXCXpWhbrlNCY4H/22esfG7zZPzVmMW6jfvFuIl As5KqGJHLhA0p88SKUI3JrnGMgEC6iB0imxbhaFWByt2ASe/Kw5V7lcYPo0NO1H3 1oeLz+22x8sqpfkrmjJ4H0s46GgOiaG8BY76ZFsIc9uUsqZXzSsE670rBbqzyq58 +Q23eJe+5TihO9y4slbq69ija4GPZuUnbMn581N4dCsnzDOEdS3aShjBLlYmhu4D c7T66ZkD+5+329Bpfd/h8GbKZoM1fivNKiHy56Wuty87c0MzoPJnaMDkWnXVXuNA Qmj/zE3xfUBHgthV74pJEppF0ggIr8MavhuGUolugJjioD6qe3b9YPMd8MX9u6Q= =Xjis -----END PGP SIGNATURE-----