This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-appengine-go_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:15:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6d634fab4a3e68dff4fb308974794cc058946daa * md5sum c0544aee5c4871abd57cd908635c644f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXksIAAoJEIXCXpWhbrlNoXwIAMN6flQEzTNWs3vxe3jepJQ2 CMcZw47fLyM2auoQckxFRJzbg2MmR/0Ahxu3vXJFD37xqAG6o+WD2FX87jzbH2h/ ShgJB1CCeAgfif1DW4HAICGAJb9Plh+WriscL9hgw/E5wU48e0YIrfIr3T0MLYhN B15XcqLTfv8QVXr57Isw0kJT0I4nKOy8UFJ83kq3KJLHsgg8a0QIMQXm0BJtxy0J By3kX7IZZY3W+9CZtAbyJa+TJP9TxsVA3jnR5qkuczGLjxIbHPdLxaWD6rk0ssOs Lz+5pvssz+qMme8fTVKVSwqYICDk0XMSwNF3edSyh/hRVVW2b4VqOOsdZCmiC0E= =yyoU -----END PGP SIGNATURE-----