This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-13.0-wheezy-amd64-openstack.tar.gz.sig gpg: Signature made Wed Oct 16 08:20:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a4de1b44da51e7e39bfc69d4d149ba16b9d2a5f4 * md5sum 00181b921bd356f673ef8913e790a473 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkxhAAoJEIXCXpWhbrlNirwIAKVutHrCH7YWmh2u8G52bdo7 GkoVg5bKMwO0ZEU8rVSo/aFQUxw12RQtxJtJGUcZYe/it2S5CgQZxbj3NNGazB70 qZ41qZIT7haWU/hhsTsXCzoh2BfiogQO8DV2OJO16E3EvtCMw2nFL83ZMaOLVjOb 5D3K1ip9pcGf1tvGbvSquGsmIs373BgXamXaKFXmG8M6+wsBHV8OlMk4LUyHTLLA Nl+bFF9Je8Tyzb9AdQlEmSEdd6DNJ/PHAt/FfHlSTwKB0jxjGiDGAO/QVYiDgCb2 1cXzokMZChoABhAE6xEF79mQ77xFG3Y+wS7uiilPWWeFxbvs2M1E4ePbxAqq6rY= =msjf -----END PGP SIGNATURE-----