This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-python-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 19:46:38 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 095e0858ff95ae14e625a6ef8ff7a7c69d3f64f0 * md5sum e3d8c6935b5f4e34e420a8a5365ad083 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkQPAAoJEIXCXpWhbrlNyIQH/i1rxXjLFyskYJIg4QTGxE2v Ab/VbyKKTEZ87xCYvtE+OOqt+1Ny0dp7iXJhrHz3WgCZ9blhV1zv2V8CpFAqoJa1 VwY/87hwYM71+perGG8Tsx+6t7fJ+8O9pFnOMbEKyW5Sa1GOCq4vIS0URfMoiPT8 ggb1X8zeGyeig5jrJ674MtWHvqNT42biYxtakLulCfw0xNNAX2IBRvSA10+PYdfv zmwqrJ0aKnMQLBz+6yty/Z+2Es8TsNWRrUWFIpsCB8KlsrZJJwSMeKGAoW4uWyi0 /fPG8EpJsbRV/8etdbJbfSORDVRmbLkLYzlfnZQNB2CoMbirLmraZNChPK0MjT8= =kZ6k -----END PGP SIGNATURE-----