From f5c65c90ef711fc91f9104d90075677ffcb6617e Mon Sep 17 00:00:00 2001
From: Victoria Nadasdi <efertone@pm.me>
Date: Sun, 7 Jan 2024 10:30:51 +0100
Subject: [PATCH] docs: add signing key info to readme

Signed-off-by: Victoria Nadasdi <efertone@pm.me>
---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/README.md b/README.md
index ee8294f..f96481f 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,17 @@ or [Homebrew](https://brew.sh/):
 brew install totp-cli
 ```
 
+#### Signing key
+
+On release, there is a checksum file for all generated artefacts. This file is
+signed with the [66EA13043E6CDBA67A5D85AB71BD3AD93E8B6ABF](https://keys.openpgp.org/search?q=66EA13043E6CDBA67A5D85AB71BD3AD93E8B6ABF)
+GPG key.
+
+```
+gpg --keyserver keys.openpgp.org --search 66EA13043E6CDBA67A5D85AB71BD3AD93E8B6ABF
+gpg --verify totp-cli_{{.Version}}_checksums.txt.sig
+```
+
 #### Upgrading from totp-cli v1.2.7 or below
 
 Starting with totp-cli v1.2.8 a [more secure storage