This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:24:21 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 95303a7a9a27241a4565341ce24e2cfcaf083d61 * md5sum 42deb298a5e8cb80530a8ca0de8b0c74 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6gTAAoJEIXCXpWhbrlNENIIAJn0M6PTuMpHBmGk6UYtkRcy p6+CGvBY/7uaRVarJ0m8enWm7f8MswEPbBK8zqAJ34YCEnjcFldRzSAY2jlKw78Y ER5kBUehHmsnPdDBlSiY78tCQwrd7GBjkIvtmolyvarmT5URvBFeC2xsmczaL2UP LJt5bFMvYmNhW6PtgkWm/kmTDqPNcI14/qd4+cHWadZBoL0xJK1KYjZfp+hXLHwj zJaeLQlrtYBgC6Jr1F90NlJQ/DH97OHJz3WzdGsMXkiMlQKu6yEjE5jfQwrSxC7m VCurXwWSsuGSr0dZXL/DeMW4ry+XVR9AcKAVLLuFLrQiaXeXReDNndxgn1mCpdM= =gomR -----END PGP SIGNATURE-----