From 021674bf156952ebb5428824033d580fb911bd63 Mon Sep 17 00:00:00 2001
From: Kee Jefferys <kee@loki.network>
Date: Mon, 10 Feb 2025 13:48:55 +1100
Subject: [PATCH] Update Signature Verification Instructions and Links (#908)

* Update readme

Update signature verification instructions and links

* Update translation link

use https://getsession.org/translate instead of linking directly to crowdin

---------

Co-authored-by: ThomasSession <thomas.r@getsession.org>
---
 README.md | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 02dc1999f5..e52ae35eb3 100644
--- a/README.md
+++ b/README.md
@@ -22,12 +22,14 @@ Build instructions can be found in [BUILDING.md](BUILDING.md).
 
 ## Translations
 
-Want to help us translate Session into your language? You can do so [here](https://crowdin.com/project/session-crossplatform-strings)!
+Want to help us translate Session into your language? You can do so at https://getsession.org/translate
 
 ## Verifying signatures
 
 **Step 1:**
 
+Add Jason's GPG key. Jason Rhinelander, a member of the [Session Technology Foundation](https://session.foundation/) and is the current signer for all Session Android releases. His GPG key can be found on his GitHub and other sources.
+
 ```
 wget https://github.com/jagerman.gpg
 gpg --import jagerman.gpg
@@ -35,11 +37,11 @@ gpg --import jagerman.gpg
 
 **Step 2:**
 
-Get the signed hash for this release. `SESSION_VERSION` needs to be updated for the release you want to verify.
+Get the signed hashes for this release. `SESSION_VERSION` needs to be updated for the release you want to verify.
 
 ```
-export SESSION_VERSION=1.10.4
-wget https://github.com/session-foundation/session-android/releases/download/$SESSION_VERSION/signatures.asc
+export SESSION_VERSION=1.20.8
+wget https://github.com/session-foundation/session-android/releases/download/$SESSION_VERSION/signature.asc
 ```
 
 **Step 3:**
@@ -47,18 +49,18 @@ wget https://github.com/session-foundation/session-android/releases/download/$SE
 Verify the signature of the hashes of the files.
 
 ```
-gpg --verify signatures.asc 2>&1 |grep "Good signature from"
+gpg --verify signature.asc 2>&1 |grep "Good signature from"
 ```
 
-The command above should print "`Good signature from "Kee Jefferys...`". If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.
+The command above should print "`Good signature from "Jason Rhinelander...`". If it does, the hashes are valid but we still have to make the sure the signed hashes match the downloaded files.
 
 **Step 4:**
 
-Make sure the two commands below returns the same hash. If they do, files are valid.
+Make sure the two commands below return the same hash for the file you are checking. If they do, file is valid.
 
 ```
 sha256sum session-$SESSION_VERSION-universal.apk
-grep universal.apk signatures.asc
+grep universal.apk signature.asc
 ```
 
 ## License
@@ -67,7 +69,9 @@ Copyright 2011 Whisper Systems
 
 Copyright 2013-2017 Open Whisper Systems
 
-Copyright 2019-2021 The Oxen Project
+Copyright 2019-2024 The Oxen Project
+
+Copyright 2024-2025 Session Technology Foundation
 
 Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html