This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 14:49:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 61fdd95d206519055d6f72cd1f168ea9f00303f3 * md5sum c2d0e084d0dbb5690c0b55f179989c1a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXVXdAAoJEIXCXpWhbrlNyc4H+QEHub6G1QMQs4AS+8RdePIn yqP78E5j4/h2cQ2l+u802gwqYW+dc72OrAg0P7QUJKiKox+wD6l3hQVGHVGnheeQ CeKM+NQiyky/lZ5V4gXpY+zlRl3jsqEKhrPmkguvMO2TUFIP/inMW1UCIo17EHUS udBbTlP3aED3l7Kw9UfvaCLAtQrlHqnlC5U49plxIP6qKgXKCaVeD1uQH4mBTNyk 3P6q3HtZRaSut6/vmD/OmDi9j/WRhi0JgGqWI495uLWu0RYaoRANSrB5wK+/HtVU T52igVeZGJ/yVmHBINbyoXpUS0UQYnBTjug0gsVjANDpzm0w1gZ9xXrdQGZ5ZmA= =Gjhp -----END PGP SIGNATURE-----