The signature check process depends on the pgp/gnupg version you are using. Please refer the manual of your pgp/gnupg software for details on usage. There are step-by-step instructions for some of the most popular pgp/gnupg versions below. PGP-2.6.x (international release only): 1) Store the RSA distribution key in file SSH2-DISTRIBUTION-KEY-RSA.asc into your public keyring, in case thet is not already there. Commandline is `pgp SSH2-DISTRIBUTION-KEY-RSA.asc'. 2) Rename file ssh-X.Y.Z.tar.gz.sig-pgp2 to ssh-X.Y.Z.tar.gz.sig. X.Y.Z is the version number of the ssh release. 3) Run command `pgp ssh-X.Y.Z.tar.gz.sig'. If pgp can't find the file which the signature file applies to, it asks the filename from the user. The correct answer to the question is `ssh-X.Y.Z.tar.gz'. 4) Now pgp should give the message like: Good signature from user "Ssh 2 Distribution Key ". Signature made YYYY/MM/DD HH:MM GMT using 2048-bit key, key ID AFCA7459 5) Signature is verified. PGP-5.x: 1) Store the DSA distribution key in file SSH2-DISTRIBUTION-KEY-DSA.asc into your public keyring, in case thet is not already there. Commandline is `pgpk -a SSH2-DISTRIBUTION-KEY-DSA.asc'. 2) Rename file ssh-X.Y.Z.tar.gz.sig-pgp5 to ssh-X.Y.Z.tar.gz.sig. X.Y.Z is the version number of the ssh release. 3) Run command `pgpv ssh-X.Y.Z.tar.gz.sig'. If pgp can't find the file which the signature file applies to, it asks the filename from the user. The correct answer to the question is `ssh-X.Y.Z.tar.gz'. 4) Now pgp should give the message like: Good signature made YYYY-MM-DD HH:MM GMT GMT by key: 1024 bits, Key ID 83FB127C, Created 2000-06-13 "Ssh 2 Distribution Key " 5) Signature is verified. 6) If you have the international verison of pgp-5.x you can check also the RSA key. Then you should add also the RSA keyfile to your public keyring, and in phase 2, rename file ssh-X.Y.Z.tar.gz.sig-pgp2 to ssh-X.Y.Z.tar.gz.sig instead of ssh-X.Y.Z.tar.gz.sig-pgp5. With this signature, succesful verification message should look like: Good signature made YYYY-MM-DD HH:MM GMT GMT by key: 2048 bits, Key ID AFCA7459, Created 1998-07-11 "Ssh 2 Distribution Key " GnuPG-1.0.x: 1) Store the DSA distribution key in file SSH2-DISTRIBUTION-KEY-DSA.asc into your public keyring, in case thet is not already there. Commandline is `gpg --import SSH2-DISTRIBUTION-KEY-DSA.asc'. 2) Rename file ssh-X.Y.Z.tar.gz.sig-gpg to ssh-X.Y.Z.tar.gz.sig. X.Y.Z is the version number of the ssh release. 3) Run command `gpg --verify ssh-X.Y.Z.tar.gz.sig'. If gpg can't find the file which the signature file applies to, it asks the filename from the user. The correct answer to the question is `ssh-X.Y.Z.tar.gz'. 4) Now gpg should give the message like: Signature made Day DD Mon YYYY HH:YY:SS PM GMT using DSA key ID 83FB127C Good signature from "Ssh 2 Distribution Key " 5) Signature is verified. 6) With gpg, also other types of signatures can be verified. For RSA signature checking, the RSA plugin (international version) is needed. Consult the manual of your software for details. PGP-6.5.x: 1) Store the DSA distribution key into your keyring. 2) Rename file ssh-X.Y.Z.tar.gz.sig-pgp5 to ssh-X.Y.Z.tar.gz.sig. X.Y.Z is the version number of the ssh release. 3) Run command `pgp ssh-X.Y.Z.tar.gz.sig'. If pgp can't find the file which the signature file applies to, it asks the filename from the user. The correct answer to the question is `ssh-X.Y.Z.tar.gz'. 4) Now pgp should give the message like: Good signature from user "Ssh 2 Distribution Key ". Signature made YYYY/MM/DD HH:MM GMT 5) Signature is verified. 6) The international version of pgp-6.5.x is can check also the RSA signature. Consult your manual for details. Signature generated for gpg can't be checked with pgp-6.5.x. An attempt to do so, will most likely produce a message like: Bad signature from user "Ssh 2 Distribution Key ". So it's not even worth trying. Information About The Distribution Keys Following keys are used in signature generation: RSA 2048/AFCA7459 1998-07-11 Ssh 2 Distribution Key Ssh 2 Distribution Key Fingerprint: 2A 06 2C 83 F0 A6 72 52 3A 4D 4A FA 20 15 EE 74 DSA 1024/83FB127C 2000-06-13 Ssh 2 Distribution Key Ssh 2 Distribution Key Fingerprint: A348 205D F1D8 2297 0A46 D961 ED7B 28CD 83FB 127C