From 57ea58ed06defd0ace65bac2f925833303c2d9d7 Mon Sep 17 00:00:00 2001 From: Niels Andriesse <9340958+nielsandriesse@users.noreply.github.com> Date: Mon, 24 May 2021 13:04:43 +1000 Subject: [PATCH] Update README --- README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e3f06a301d..609ba64b58 100644 --- a/README.md +++ b/README.md @@ -20,23 +20,27 @@ Please search for any [existing issues](https://github.com/oxen-io/session-andro Build instructions can be found in [BUILDING.md](BUILDING.md). -## Verifing signatures +## Verifying signatures -Get Kee's key and import it: +**Step 1:** ``` wget https://raw.githubusercontent.com/oxen-io/oxen-core/master/utils/gpg_keys/KeeJef.asc gpg --import KeeJef.asc ``` -Get the signed hash for this release, the SESSION_VERSION needs to be updated for the release you want to verify +**Step 2:** + +Get the signed hash for this release. `SESSION_VERSION` needs to be updated for the release you want to verify. ``` export SESSION_VERSION=1.10.4 wget https://github.com/oxen-io/session-android/releases/download/$SESSION_VERSION/signatures.asc ``` -Verify the signature of the hashes of the files +**Step 3:** + +Verify the signature of the hashes of the files. ``` gpg --verify signatures.asc 2>&1 |grep "Good signature from" @@ -45,6 +49,8 @@ gpg --verify signatures.asc 2>&1 |grep "Good signature from" The command above should print "`Good signature from "Kee Jefferys...`" If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files. +**Step 4:** + Make sure the two commands below returns the same hash. If they do, files are valid. @@ -59,6 +65,6 @@ Copyright 2011 Whisper Systems Copyright 2013-2017 Open Whisper Systems -Copyright 2019-2020 The Loki Project +Copyright 2019-2021 The Loki Project Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html