Add links to PGP keys to installation instructions

source/includes/steps-install-verify-files-md5.yaml

@@ -0,0 +1,64 @@
+title: Download the MongoDB installation file.
+stepnum: 1
+ref: download-install-file
+action:
+   pre: |
+      Download the binaries from ``https://www.mongodb.org/downloads``
+      based on your environment.
+
+      For example, to download the ``2.6.0`` release for OS X through the
+      shell, type this command:
+   language: sh
+   code: |
+      curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz
+---
+title: Download the MD5 file.
+stepnum: 2
+ref: download-md5-file
+action:
+  - language: sh
+    code: |
+       curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz.md5
+---
+title: Verify the checksum values for the MongoDB installation file (OS X).
+stepnum: 3
+ref: verify-install-file
+action:
+  - pre: |
+      Enter this command:
+    language: sh
+    code: |
+      md5 mongodb-osx-x86_64-2.6.0.tgz
+  - pre: |
+      which will generate this result:
+    language: sh
+    code: |
+      MD5 (mongodb-osx-x86_64-2.6.0.tgz) = a937d49881f90e1a024b58d642011dc4
+  - pre: |
+      Enter this command:
+    language: sh
+    code: |
+      cat mongodb-osx-x86_64-2.6.0.tgz.md5
+  - pre: |
+      which will generate this result:
+    language: sh
+    code: |
+      a937d49881f90e1a024b58d642011dc4
+  - post: |
+      The output of the ``md5`` and ``cat`` commands should be identical.
+---
+title: Verify the MongoDB installation file (Linux).
+stepnum: 4
+ref: verify-install-file
+action:
+  - pre: |
+      Enter this command:
+    language: sh
+    code: |
+      md5sum -c mongodb-osx-x86_64-2.6.0.tgz.md5 mongodb-osx-x86_64-2.6.0.tgz
+  - pre: |
+      which will generate this result:
+    language: sh
+    code: |
+      mongodb-osx-x86_64-2.6.0-rc1.tgz ok
+...

source/includes/steps-install-verify-files-pgp.yaml

@@ -0,0 +1,72 @@
+title: Download the MongoDB installation file.
+stepnum: 1
+ref: download-install-file
+action:
+   pre: |
+      Download the binaries from ``https://www.mongodb.org/downloads``
+      based on your environment.
+
+      For example, to download the ``2.6.0`` release for OS X through the
+      shell, type this command:
+   language: sh
+   code: |
+      curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz
+---
+title: Download the public signature file.
+stepnum: 2
+ref: download-sig-file
+action:
+   language: sh
+   code: |
+      curl -LO http://downloads.mongodb.org/osx/mongodb-osx-x86_64-2.6.0.tgz.sig
+---
+title: Download then import the key file.
+stepnum: 3
+ref: download-key-file
+action:
+ - pre: |
+      If you have not downloaded and imported the key file, enter these commands:
+   language: sh
+   code: |
+      curl -LO https://www.mongodb.org/static/pgp/server-2.6.asc
+      gpg --import server-2.6.asc
+ - pre: |
+      You should receive this message:
+   language: sh
+   code: |
+      gpg: key AAB2461C: public key "MongoDB 2.6 Release Signing Key <[email protected]>" imported
+      gpg: Total number processed: 1
+      gpg:               imported: 1  (RSA: 1)
+---
+title: Verify the MongoDB installation file.
+stepnum: 4
+ref: verify-install-file
+action:
+ - pre: |
+     Type this command:
+   language: sh
+   code: |
+     gpg --verify mongodb-osx-x86_64-2.6.0.tgz.sig mongodb-osx-x86_64-2.6.0.tgz
+ - pre: |
+     You should receive this message:
+   language: sh
+   code: |
+     gpg: Signature made Thu Mar  6 15:11:28 2014 EST using RSA key ID AAB2461C
+     gpg: Good signature from "MongoDB 2.6 Release Signing Key <[email protected]>"
+ - pre: |
+     Download and import the key file, as described above, if you receive a
+     message like this one:
+   language: sh
+   code: |
+     gpg: Signature made Thu Mar  6 15:11:28 2014 EST using RSA key ID AAB2461C
+     gpg: Can't check signature: public key not found
+ - pre: |
+     Confirm you downloaded the installation file from the
+     http://www.mongodb.com domain if you receive a message similar to
+     this one:
+   language: sh
+   code: |
+     gpg: WARNING: This key is not certified with a trusted signature!
+     gpg:          There is no indication that the signature belongs to the owner.
+     Primary key fingerprint: DFFA 3DCF 326E 302C 4787  673A 01C4 E7FA AAB2 461C
+...

source/includes/toc-install-verify-files.yaml

@@ -0,0 +1,3 @@
+file: /tutorial/install-verify-files
+description: 'Documentation to verify the integrity of MongoDB software installation packages.'
+...

source/installation.txt

@@ -31,6 +31,8 @@ of MongoDB.
 
 .. include:: /includes/toc/installation-enterprise-landing.rst
 
+.. include:: /includes/toc/install-verify-files.rst
+
 First Steps with MongoDB
 ------------------------
 

source/tutorial/install-verify-files.txt

@@ -0,0 +1,45 @@
+====================================
+Verify Integrity of MongoDB Packages
+====================================
+
+.. default-domain:: mongodb
+
+Overview
+--------
+
+For your security, MongoDB digitally signs all software packages to
+certify MongoDB created the software and confirm the software is not
+altered.
+
+Use MD5 or a public key to validate the software signature before
+installation and deployment. MD5 compares a hash generated by MongoDB from
+the software. Public keys decrypt a hash generated from the software and
+encrypted by MongoDB with a private key.
+
+MongoDB signs each release branch with a different MD5 hash. The public
+``.asc`` and ``.pub`` key files for each branch are available for
+download. For example, the version 2.2 keys are at these URLs:
+
+.. code-block:: ini
+
+   https://www.mongodb.org/static/pgp/server-2.2.asc
+   https://www.mongodb.org/static/pgp/server-2.2.pub
+
+where ``2.2`` is the release number and the file extension is either
+``.asc`` or ``.pub``. Replace ``2.2`` with the appropriate release number
+to download public keys.
+
+Keys currently are available for the 2.2., 2.4, and 2.6 releases.
+
+Procedures
+----------
+
+Use PGP/GPG
+~~~~~~~~~~~
+
+.. include:: /includes/steps/install-verify-files-pgp.rst
+
+Use MD5
+~~~~~~~
+
+.. include:: /includes/steps/install-verify-files-md5.rst