Is there a 'preferred' method of validating/using keys? I had a recommendation earlier for using gnugpg (although I'm somewhat new to Linux, so I'm still learning about keys and usage), but I just downloaded a fresh copy of Apache and they recommend validating using either pgp/gpg or md5. I read the man page on md5 (actually openssl dgst -md5), and typed the following on the command line: openssl dgst -md5 -verify httpd-2.0.50.tar.gz The response was that there was no signature to verify, use the -signature option. so - openssl dgst -md5 -signature httpd-2.0.50.tar.gz; this seems to be waiting for my input (unless I didn't correctly interpret the man page here). John Dangler
