This file shortly describes the signature system used on dist.schmorp.de, and possibly other servers, that refer to this key. You can verify signatures with the openbsd signify tool: https://www.openbsd.org/papers/bsdcan-signify.html The signify tool itself is available from openbsd, but also in many GNU/Linux distributions (e.g. "signify-openbsd" in Debian GNU/Linux). The public key to verify the signatures is available from: http://dist.schmorp.de/signing-key.pub The public key file is itself is signed with my GPG key: http://dist.schmorp.de/signing-key.pub.gpg.sig To verify a signature, use this command, when you have both and .sig: signify -V -p signing-key.pub -m