From b7821598a339fa493113693117ec5a11c97e4ed4 Mon Sep 17 00:00:00 2001
From: Andrew David Wong <adw@andrewdavidwong.com>
Date: Fri, 6 Nov 2020 12:29:42 -0800
Subject: [PATCH] Add prep section for installing PGP verification programs

This is a first step toward improving the instructions for non-Linux
users (QubesOS/qubes-issues#6191, #1076).
---
 project-security/verifying-signatures.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md
index e5c9078d..28aabd51 100644
--- a/project-security/verifying-signatures.md
+++ b/project-security/verifying-signatures.md
@@ -52,6 +52,24 @@ There are three basic steps in this process:
 
 If you run into any problems, please consult the [Troubleshooting FAQ] below.
 
+
+### Preparation
+
+Before we begin, you'll need a program that can verify PGP signatures.
+Any such program will do, but here are some examples for popular operating systems:
+
+**Windows:** [Gpg4win](https://gpg4win.org/download.html).
+Use the Windows command line (`cmd.exe`) to enter commands.
+
+**Mac:** [GPG Suite](https://gpgtools.org/).
+Open a terminal to enter commands.
+
+**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html).
+Open a terminal to enter commands.
+
+The commands below will use `gpg2`, but if that doesn't work for you, try `gpg` instead.
+
+
 ### 1. Get the Qubes Master Signing Key and verify its authenticity
 
 Every file published by the Qubes Project (ISO, RPM, TGZ files and Git repositories) is digitally signed by one of the developer keys or Release Signing Keys.