Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit db735007 authored by Wolf-Martell Montwé's avatar Wolf-Martell Montwé
Browse files

Add SHA-256 apk hashes

parent a6648377

README.md

+12 −2
Original line number Diff line number Diff line
@@ -73,8 +73,18 @@ our [blog post](https://blog.thunderbird.net/2023/07/k-9-mail-collaborates-with- 


You can report a security vulnerability [through the respective issues form](https://github.com/thunderbird/thunderbird-android/security/advisories/new).



Users can verify the downloaded apk from Github and F-Droid against following SHA-256 hash to ensure the app was properly signed with our signing key:

`B6:52:47:79:B3:DB:BC:5A:C1:7A:5A:C2:71:DD:B2:9D:CF:BF:72:35:78:C2:38:E0:3C:3C:21:78:11:35:6D:D1`

These are the SHA-256 fingerprints for our signing certificates:



- Thunderbird: `B6:52:47:79:B3:DB:BC:5A:C1:7A:5A:C2:71:DD:B2:9D:CF:BF:72:35:78:C2:38:E0:3C:3C:21:78:11:35:6D:D1`

- Thunderbird Beta: `05:6B:FA:FB:45:02:49:50:2F:D9:22:62:28:70:4C:25:29:E1:B8:22:DA:06:76:0D:47:A8:5C:95:57:74:1F:BD`

- K-9 Mail: `55:C8:A5:23:B9:73:35:F5:BF:60:DF:E8:A9:F3:E1:DD:E7:44:51:6D:93:57:E8:0A:92:5B:7B:22:E4:F5:55:24`



You can use the following command to retrieve and [verify](https://developer.android.com/tools/apksigner#usage-verify)

the certificate before installation:



```bash

apksigner verify -v --print-certs <path-to-apk>

```



## K-9 Mail