mjb34500,
A signed .zip file contains a special directory called META-INF. This META-INF directory contains three files, the MANFIFEST.MF, the CERT.SF, and the CERT.RSA file. The MANIFEST.MF contains a list of the all of the other files in the .zip file along with an SHA1 digest (checksum) of that file. The digest/checksums of the actual files in the .zip file can be compared with the digests contained in the MANIFEST.MF file which will guarantee the file's validity / integrity.
You can (and should) verify that validity / integrity of the radio file by at least validating its published MD5 checksum (
F15CF77B1C08CFB1F357E2574F386F5F from the thread linked to by Scott's post above) and/or by doing a
jarsigner -verify (which checks the aforementioned SHA1 digests in the MANIFEST.MF file). It just so happens that my (free, in the Market) app,
AFV (Android File Verifier) will do both of the above functions.
According to this thread
I think I figured out how to get past the bootloader HEHE - Page 3 - xda-developers, the CERT.SF contains SHA1 digests for the contents of the entries in the MANIFEST.MF file (pretty cool...I did not know this and will probably be adding an explicit check in my AFV app to double-check these too). The CERT.RSA is an RSA-encoded certificate, probably for the entire file.
Anyway, back to your last question: the root of your SD card is the top-level directory of the /sdcard--which is to say, not in any subdirectory of the /sdcard folder. If you are copying/moving the file from your PC and you've mounted your phone as "USB Mass Storage" (or similar phrasing), and it shows-up as the "G:" drive for example, then just drag and drop the radio file to the G: drive in Windows Explorer. Be sure to do a "safe eject" after doing this transfer and then, verify the MD5 checksum and the "
Verify Jar-type File" function if you are using the
AFV app.
Cheers!