Add SHA-256 apk hashes

thunderbird · Dec 5, 2024 · 113d662 · 113d662
1 parent a664837
commit 113d662
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -73,8 +73,20 @@ our [blog post](https://blog.thunderbird.net/2023/07/k-9-mail-collaborates-with-
 
 You can report a security vulnerability [through the respective issues form](https://github.com/thunderbird/thunderbird-android/security/advisories/new).
 
-Users can verify the downloaded apk from Github and F-Droid against following SHA-256 hash to ensure the app was properly signed with our signing key:
-`B6:52:47:79:B3:DB:BC:5A:C1:7A:5A:C2:71:DD:B2:9D:CF:BF:72:35:78:C2:38:E0:3C:3C:21:78:11:35:6D:D1`
+### Verifying the Apk Signature
+
+To ensure the APK you downloaded from GitHub or F-Droid is authentic, you can verify its SHA-256 hash against the
+following official values:
+
+- Thunderbird: `B6:52:47:79:B3:DB:BC:5A:C1:7A:5A:C2:71:DD:B2:9D:CF:BF:72:35:78:C2:38:E0:3C:3C:21:78:11:35:6D:D1`
+- Thunderbird Beta: `05:6B:FA:FB:45:02:49:50:2F:D9:22:62:28:70:4C:25:29:E1:B8:22:DA:06:76:0D:47:A8:5C:95:57:74:1F:BD`
+- K-9 Mail: `55:C8:A5:23:B9:73:35:F5:BF:60:DF:E8:A9:F3:E1:DD:E7:44:51:6D:93:57:E8:0A:92:5B:7B:22:E4:F5:55:24`
+
+To verify the SHA-256 hash of the APK, use the following command in your terminal:
+
+```bash
+keytool -printcert -jarfile <path-to-apk>
+```
 
 ## K-9 Mail