From b06f7320153612c00bfed4dcca36e39ec0afc012 Mon Sep 17 00:00:00 2001
From: Audric Ackermann <audric@loki.network>
Date: Mon, 24 May 2021 13:20:20 +1000
Subject: [PATCH] add instructions to verify signatures in readme (#1651)

---
 README.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/README.md b/README.md
index d16e9c083..1855f8500 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,39 @@ Please search for any [existing issues](https://github.com/oxen-io/session-deskt
 
 Build instructions can be found in [BUILDING.md](BUILDING.md).
 
+
+## Verifing signatures
+
+
+Get Kee's key and import it:
+```
+wget https://raw.githubusercontent.com/oxen-io/oxen-core/master/utils/gpg_keys/KeeJef.asc
+gpg --import KeeJef.asc
+```
+
+Get the signed hash for this release, the SESSION_VERSION needs to be updated for the release you want to verify
+```
+export SESSION_VERSION=1.6.1
+wget https://github.com/oxen-io/session-desktop/releases/download/v$SESSION_VERSION/signatures.asc
+```
+
+Verify the signature of the hashes of the files
+
+```
+gpg --verify signatures.asc 2>&1 |grep "Good signature from"
+```
+
+The command above should print "`Good signature from "Kee Jefferys...`"
+If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.
+
+Make sure the two commands below returns the same hash.
+If they do, files are valid
+```
+sha256sum session-desktop-linux-amd64-$SESSION_VERSION.deb
+grep .deb signatures.asc
+```
+
+
 ## Debian repository
 
 Please visit https://deb.oxen.io/<br/>