update readme with signatures verification

README.md

@@ -16,6 +16,45 @@ Please search for any [existing issues](https://github.com/loki-project/session-
 
 Build instructions can be found in [BUILDING.md](BUILDING.md).
 
+## Verifying signatures
+
+**Step 1:**
+
+Add Jason's GPG key. Jason Rhinelander, a member of the [Session Technology Foundation](https://session.foundation/) and is the current signer for all Session iOS releases. His GPG key can be found on his GitHub and other sources.
+
+```sh
+wget https://github.com/jagerman.gpg
+gpg --import jagerman.gpg
+```
+
+**Step 2:**
+
+Get the signed hashes for this release. `SESSION_VERSION` needs to be updated for the release you want to verify.
+
+```sh
+export SESSION_VERSION=2.9.1
+wget https://github.com/session-foundation/session-ios/releases/download/$SESSION_VERSION/signature.asc
+```
+
+**Step 3:**
+
+Verify the signature of the hashes of the files.
+
+```sh
+gpg --verify signature.asc 2>&1 |grep "Good signature from"
+```
+
+The command above should print "`Good signature from "Jason Rhinelander...`". If it does, the hashes are valid but we still have to make the sure the signed hashes match the downloaded files.
+
+**Step 4:**
+
+Make sure the two commands below return the same hash for the file you are checking. If they do, file is valid.
+
+```
+sha256sum session-$SESSION_VERSION.ipa
+grep .ipa signature.asc
+```
+
 ## Translations
 
 Want to help us translate Session into your language? You can do so at https://crowdin.com/project/session-ios!