Add user instructions for verifying our signatures

Add a section for our end-users in INSTALL.md, that explains how to
verify that our Dangerzone assets have been signed by our advertised
signing key.

This section explains what are the .asc files that users see next to our
release assets, and how they can verify each asset individually using
GPG.

Closes #761

INSTALL.md

@@ -201,3 +201,91 @@ pass it a file to sanitize.
 ## Build from source
 
 If you'd like to build from source, follow the [build instructions](BUILD.md).
+
+## Verifying PGP signatures
+
+You can verify that the package you download is legitimate and hasn't been
+tampered with by verifying its PGP signature. For Windows and macOS, this step
+is optional and provides defense in depth: the Dangerzone binaries include
+operating system-specific signatures, and you can just rely on those alone if
+you'd like.
+
+### Signing key
+
+Our binaries are signed with a PGP key owned by Freedom of the Press Foundation:
+* Name: Dangerzone Release Key
+* PGP public key fingerprint [`DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281`](https://keys.openpgp.org/vks/v1/by-fingerprint/DE28AB241FA48260FAC9B8BAA7C9B38522604281>).
+
+You must have GnuPG installed to verify signatures. For macOS you probably want
+[GPGTools](https://gpgtools.org/), and for Windows you probably want
+[Gpg4win](https://www.gpg4win.org/).
+
+### Signatures
+
+Our [GitHub Releases page](https://github.com/freedomofpress/dangerzone/releases)
+hosts the following files:
+* Windows installer (`Dangerzone-<version>.msi`)
+* macOS archives (`Dangerzone-<version>-<arch>.dmg`)
+* Container image (`container.tar.gz`)
+* Source package (`dangerzone-<version>.tar.gz`)
+
+All these files are accompanied by signatures (as `.asc` files). We'll explain
+how to verify them below, using `0.6.1` as an example.
+
+### Verifying
+
+Once you have imported the Dangerzone release key into your GnuPG keychain,
+downloaded the binary and ``.asc`` signature, you can verify the binary in a
+terminal like this:
+
+For the Windows binary:
+
+```
+gpg --verify Dangerzone-0.6.1.msi.asc Dangerzone-0.6.1.msi
+```
+
+For the macOS binaries (depending on your architecture):
+
+```
+gpg --verify Dangerzone-0.6.1-arm64.dmg.asc Dangerzone-0.6.1-arm64.dmg
+gpg --verify Dangerzone-0.6.1-i686.dmg.asc Dangerzone-0.6.1-i686.dmg
+```
+
+For the container image:
+
+```
+gpg --verify container.tar.gz.asc container.tar.gz
+```
+
+We also hash all the above files with SHA-256, and provide a list of these
+hashes as a separate file (`checksums-0.6.1.txt`). This file is signed as well,
+and the signature is embedded within it. You can download this file and verify
+it with:
+
+```
+gpg --verify checksums.txt
+```
+
+The expected output looks like this:
+
+```
+gpg: Signature made Mon Apr 22 09:29:22 2024 PDT
+gpg:                using RSA key 04CABEB5DD76BACF2BD43D2FF3ACC60F62EA51CB
+gpg: Good signature from "Dangerzone Release Key <[email protected]>" [unknown]
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: DE28 AB24 1FA4 8260 FAC9  B8BA A7C9 B385 2260 4281
+     Subkey fingerprint: 04CA BEB5 DD76 BACF 2BD4  3D2F F3AC C60F 62EA 51CB
+```
+
+If you don't see `Good signature from`, there might be a problem with the
+integrity of the file (malicious or otherwise), and you should not install the
+package.
+
+The `WARNING:` shown above, is not a problem with the package, it only means you
+haven't defined a level of "trust" for Dangerzone's PGP key.
+
+If you want to learn more about verifying PGP signatures, the guides for
+[Qubes OS](https://www.qubes-os.org/security/verifying-signatures/) and the
+[Tor Project](https://support.torproject.org/tbb/how-to-verify-signature/) may
+be useful.