To verify the pgp signature of white_dune with gpg use (you need "curl" and "gpg"): curl -o/tmp/gpg http://www.cacert.org/certs/cacert.asc && gpg --import /tmp/gpg curl -o/tmp/gpg https://wdune.ourproject.org/mufti.asc && gpg --import /tmp/gpg gpg --verify wdune-*.tar.bz2.sig wdune-*.tar.bz2 You should see something like: gpg: Signature made ??? gpg: using RSA key 7686907C86109D8A31A004AC3005F9A641282A81 gpg: Good signature from "Jörg Scheurich (white_dune upstream) " [ultimate]