keejef
/
session-android
mirror of https://github.com/oxen-io/session-android
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity

Update Signature Verification Instructions and Links (#908)

Browse Source 
* Update readme

Update signature verification instructions and links

* Update translation link

use https://getsession.org/translate instead of linking directly to crowdin

---------

Co-authored-by: ThomasSession <thomas.r@getsession.org>
pull/1709/head
Kee Jefferys 2 months ago committed by GitHub
parent 1215d227a8
commit 021674bf15
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File

22
README.md
Unescape Escape View File

@ -22,12 +22,14 @@ Build instructions can be found in [BUILDING.md](BUILDING.md).
## Translations
Want to help us translate Session into your language? You can do so [here](https://crowdin.com/project/session-crossplatform-strings)!
Want to help us translate Session into your language? You can do so at https://getsession.org/translate
## Verifying signatures
**Step 1:**
Add Jason's GPG key. Jason Rhinelander, a member of the [Session Technology Foundation](https://session.foundation/) and is the current signer for all Session Android releases. His GPG key can be found on his GitHub and other sources.
```
wget https://github.com/jagerman.gpg
gpg --import jagerman.gpg
@ -35,11 +37,11 @@ gpg --import jagerman.gpg
**Step 2:**
Get the signed hash for this release. `SESSION_VERSION` needs to be updated for the release you want to verify.
Get the signed hashes for this release. `SESSION_VERSION` needs to be updated for the release you want to verify.
```
export SESSION_VERSION=1.10.4
wget https://github.com/session-foundation/session-android/releases/download/$SESSION_VERSION/signatures.asc
export SESSION_VERSION=1.20.8
wget https://github.com/session-foundation/session-android/releases/download/$SESSION_VERSION/signature.asc
```
**Step 3:**
@ -47,18 +49,18 @@ wget https://github.com/session-foundation/session-android/releases/download/$SE
Verify the signature of the hashes of the files.
```
gpg --verify signatures.asc 2>&1 |grep "Good signature from"
gpg --verify signature.asc 2>&1 |grep "Good signature from"
```
The command above should print "`Good signature from "Kee Jefferys...`". If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.
The command above should print "`Good signature from "Jason Rhinelander...`". If it does, the hashes are valid but we still have to make the sure the signed hashes match the downloaded files.
**Step 4:**
Make sure the two commands below returns the same hash. If they do, files are valid.
Make sure the two commands below return the same hash for the file you are checking. If they do, file is valid.
```
sha256sum session-$SESSION_VERSION-universal.apk
grep universal.apk signatures.asc
grep universal.apk signature.asc
```
## License
@ -67,7 +69,9 @@ Copyright 2011 Whisper Systems
Copyright 2013-2017 Open Whisper Systems
Copyright 2019-2021 The Oxen Project
Copyright 2019-2024 The Oxen Project
Copyright 2024-2025 Session Technology Foundation
Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html

Write Preview
Loading…
Cancel
Save