This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-python-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:27:10 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 6c8feb0108c35c20a43d4dd4854f33b3b21cb84d * md5sum 16985a527705a81865ffc250026a246e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3CEAAoJEIXCXpWhbrlN+cIIAKlTVQQW/r9lHPI4GlVx4ViG YCJqKroB9W0QPLbM0TXlq/+rTMvAChtiOtk1WprgRQUdLZxUuTjCHxrscI/68QE/ f7AFR44Ws1terJSs7LLu5M4YIVaMyXVLuniJgk90lN3e0tYDfuIxaeGBeWmEyGie rNM1SP5BljA7QAav/dVxDj3UnsRi1ezuOSdql3EB4Vk82rx8ictP4YjUeni+yaTK H/IApMkRZGj6oXhQH5REx2oNk0smBSSkpaD20jCL4zUnOO+R3XdT3KM35J4IvgVX VeAWibn9YluzslMNpn4QrUeRxRE7jSZpPhicb437SW6iuvh2vqVDQQnEj1Lcu6s= =JeIc -----END PGP SIGNATURE-----