To create a signature file:

Create a key:
	gpg --gen-key	(follow the instructions)

Create a separate sig file:
	gpg -b hdf5.tar
OR
	gpg -b --armor hdf5.tar

Which can then be verified with
	gpg --verify hdf5.tar.gpg
OR
	gpg --verify hdf5.tar.asc


To create an MD5 checksum:

Find the checksum:
	md5sum hdf5.tar > hdf5.tar.md5

Which can then be verified:
	mdf5sum --check hdf5.tar.md5

Alternately, we can just post the output from md5sum hdf5.tar on our
website, and let users read it and compare it themselves.