asc
signature file for the particular distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using % pgpk -a KEYS
% pgpv ${filename}.tar.gz.asc
or % pgp -ka KEYS
% pgp ${filename}.tar.gz.asc
or % gpg --import KEYS
% gpg --verify ${filename}.tar.gz.asc
md5
or md5sum
is included in many Unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here.