This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-java-12.0-squeeze-x86.iso.sig gpg: Signature made Sat Aug 18 16:55:54 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 19ac6d5c7ffaa95ad315f38778b18e73e8588bc1 * md5sum f08a4cb5f0d134338abb8233709eca23 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQL8kJAAoJEIXCXpWhbrlN9yYH/R+pk/29vI/Qk4ijgPwN/Lum YykUABFfg0sD9OJaOpOhpO92EVsqShtepj5jKY3pPWc0gkwngqt/xA1FPIs/gsTA 8RvjW/2DlTayJzWY/15T8YdbtNaRHq0uC1bY6aBG2x5qwVNJfNgLf0FKNZ3KiHfb rh36TAO/M8xO8/9VQA7V1rgY/VSeXTSoRuFoYx3N/Lb56rSo7K7Fdr2KZYx6Y4K1 0Bg0nFl/JcNm3/qZ9IwFaVov0fb3ndJgCyXVMLvAPtrKgAaz/mImGfXr57a4kVGL ViR/tj9fOQWjBULwtoCXUNHGdaFhgwR7jAuNXwpJeUgHRRy7vgPQj7Pj0qA3Nyk= =SK3m -----END PGP SIGNATURE-----