[mfwoods]

For those that don't want to enable Javascript, these are the hidden Linux instructions:

  $ curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
  $ echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  $ sudo apt update && sudo apt install signal-desktop

[frabbit]

How are we supposed to verify keys.asc?

(To be a bit more explicit: searching for either the pub (57F6FB06) or sub(0E46390F) keys on hkps.pool.sks-keyservers.net returns no result)

[mfwoods]

Just because it's on a keyserver doesn't mean it's trustworthy. Keyservers do no verification of any kind on the keys they host.

If you(r system) trust the certificate that https://updates.signal.org/ is using, you should be confident that you are getting the correct keys.

(You shouldn't trust a stranger on the internet, but I am getting the same keys when I download them.)