From c474d89a657fb93873662d0dec70a150bcc15585 Mon Sep 17 00:00:00 2001
From: Michael Sproul <michael@sigmaprime.io>
Date: Fri, 12 Jan 2024 22:49:51 +1100
Subject: [PATCH] docs: instructions for GPG verification (#6032)

---
 book/installation/binaries.md | 44 ++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/book/installation/binaries.md b/book/installation/binaries.md
index c34539630..f25d756a7 100644
--- a/book/installation/binaries.md
+++ b/book/installation/binaries.md
@@ -15,4 +15,46 @@ paru -S reth # Stable
 paru -S reth-git # Unstable (git)
 ```
 
-[paru]: https://github.com/Morganamilo/paru
\ No newline at end of file
+[paru]: https://github.com/Morganamilo/paru
+
+## Signature Verification
+
+You can verify the integrity of a Reth release by checking the signature using GPG.
+
+The release signing key can be fetched from the Ubuntu keyserver using the following command:
+
+```bash
+gpg --keyserver keyserver.ubuntu.com --recv-keys A3AE097C89093A124049DF1F5391A3C4100530B4
+```
+
+A copy of the key is also included [below](#release-signing-key). Once you have
+imported the key you can verify a release signature (`.asc` file) using a
+command like this:
+
+```bash
+gpg --verify reth-v0.1.0-alpha.14-x86_64-unknown-linux-gnu.tar.gz.asc reth-v0.1.0-alpha.14-x86_64-unknown-linux-gnu.tar.gz
+```
+
+Replace the filenames by those corresponding to the downloaded Reth release.
+
+### Release Signing Key
+
+Releases are signed using the key with ID `A3AE097C89093A124049DF1F5391A3C4100530B4`.
+
+```none
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZGLCSBYJKwYBBAHaRw8BAQdA/q69cDkzdUx6EwEoWK7sbm59zsHda7Hgmcq+
+7kCg69q0aEdlb3JnaW9zIEtvbnN0YW50b3BvdWxvcyAoVGhpcyBpcyB0aGUga2V5
+IHVzZWQgYnkgZ2Frb25zdCB0byBzaWduIFJldGggcmVsZWFzZXMpIDxnZW9yZ2lv
+c0BwYXJhZGlnbS54eXo+iJkEExYKAEEWIQSjrgl8iQk6EkBJ3x9TkaPEEAUwtAUC
+ZGLCSAIbAwUJAeEzgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBTkaPE
+EAUwtHvmAQD+w+HZgZkkSqEiQ3XtD8ewRV3rgqFzWsFl+9GGrdmcDAD6AuqcSyAd
+yxuMf0tgQDrDLiuXpuWZUsZGvkuzBiiCjwG4OARkYsJIEgorBgEEAZdVAQUBAQdA
+tJr3Fle2P/hK+jscCquv5mdptWofGRJwUH3QYLmRlSwDAQgHiH4EGBYKACYWIQSj
+rgl8iQk6EkBJ3x9TkaPEEAUwtAUCZGLCSAIbDAUJAeEzgAAKCRBTkaPEEAUwtO77
+AP0S+qlwRMbPpsG3No2i2c3Wa5DVqSdHhXpafbRAK9bsCAD+PaytDqwrWJecTyyi
+Yg+BMVPJie5ItWPcUCuEYdj/uAM=
+=Ao8Q
+-----END PGP PUBLIC KEY BLOCK-----
+```