Update README

This commit is contained in:
Niels Andriesse 2021-05-24 13:04:43 +10:00 committed by GitHub
parent d47d07aa13
commit 57ea58ed06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -20,23 +20,27 @@ Please search for any [existing issues](https://github.com/oxen-io/session-andro
Build instructions can be found in [BUILDING.md](BUILDING.md).
## Verifing signatures
## Verifying signatures
Get Kee's key and import it:
**Step 1:**
```
wget https://raw.githubusercontent.com/oxen-io/oxen-core/master/utils/gpg_keys/KeeJef.asc
gpg --import KeeJef.asc
```
Get the signed hash for this release, the SESSION_VERSION needs to be updated for the release you want to verify
**Step 2:**
Get the signed hash for this release. `SESSION_VERSION` needs to be updated for the release you want to verify.
```
export SESSION_VERSION=1.10.4
wget https://github.com/oxen-io/session-android/releases/download/$SESSION_VERSION/signatures.asc
```
Verify the signature of the hashes of the files
**Step 3:**
Verify the signature of the hashes of the files.
```
gpg --verify signatures.asc 2>&1 |grep "Good signature from"
@ -45,6 +49,8 @@ gpg --verify signatures.asc 2>&1 |grep "Good signature from"
The command above should print "`Good signature from "Kee Jefferys...`"
If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.
**Step 4:**
Make sure the two commands below returns the same hash.
If they do, files are valid.
@ -59,6 +65,6 @@ Copyright 2011 Whisper Systems
Copyright 2013-2017 Open Whisper Systems
Copyright 2019-2020 The Loki Project
Copyright 2019-2021 The Loki Project
Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html