This directory contains "armored detached" ascii signatures for the libpng-1.6.4 source files. Use this public key (which may be found at pgp.mit.edu among other places) Just search for "libpng" and select this one: pub 4096R/A16C640F 2013-05-31 Glenn Randers-Pehrson (libpng) and put the result in your public keyring. To verify, for example, libpng-1.6.4.tar.xz, download libpng-1.6.4.tar.xz.asc into the directory where you put the libpng-1.6.4.tar.xz, then type gpg --verify libpng-1.6.4.tar.xz.asc libpng-1.6.4.tar.xz (or put the equivalent of these two actions into your download/build script). If you know how to do the equivalent on a non-Linux platform, do that instead. Glenn