This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 19:43:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3127f9edbb85039deb0c869d9c73feae69dffc3d * md5sum e932bbdab542a2f7f3ed644fe184a1f8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkNEAAoJEIXCXpWhbrlNCcAIALi4qeg5o8kWHRl6twvvNXTU Ga9eljk0tzAA/owZOvaJFxsCnUi35I4zInakDTKYpLwR4D6LkXXKovEi1J3wlWOS Xxmr3dc/Aazw1IFvESSphRh4i3GI/PNa88ZOgMycreSRrl2kEfgrv8Gg9BexgrZf dUQajrrk1KrlYZ4I5eskTTMBo/yUad4/5QL38xt3HNtvBeI5zRiLw3Oqyh5ANGcW X/pH3nIX2h8UFHW4wxwFWYFVB3Z2So7ROaI2zwXBp57yPT2usrbluw5W2O7MIma8 CiG1PEBSymmEWG76oxfXICL8aA0ff6cEe30a81E6BMVDPhb+XZA8Z02M7IQwVbA= =q1AI -----END PGP SIGNATURE-----