Update signature verification guide to include binaryFate and 0.16.0.0 release

docs/interacting/download-monero-binaries.md

@@ -24,13 +24,13 @@ Download the latest version matching your operating system and processor archite
 
 The CLI version is released earlier and is suitable for server deployments.
 
-The GUI version contains both CLI and GUI. It is preferable for end-users. 
+The GUI version contains both CLI and GUI. It is preferable for end-users.
 
 All versions contain a full node and a wallet.
 
-## Why prefer GitHub over getmonero.org? 
+## Why prefer GitHub over getmonero.org?
 
 Binaries appear earlier on GitHub.
 
 On top of that, if you fail to properly verify the signature, GitHub is safer, simply because you don't need to trust a separate website to not be compromised.
-Obviously, you should still carefully verify the signature for each release. Signature verification is always the primary line of defense.  
+Obviously, you should still carefully verify the signature for each release. Signature verification is always the primary line of defense.

docs/interacting/verify-monero-binaries.md

@@ -5,7 +5,7 @@ title: Verifying Monero Binaries Signature | Monero Documentation
 
 Verification must be carried on **before extracting the archive and before using Monero**.
 
-Instructions were tested on Linux. They should also work on macOS with slight modifications. 
+Instructions were tested on Linux. They should also work on macOS with slight modifications.
 
 ## 1. Import core dev PGP key
 
@@ -13,34 +13,34 @@ This is a one time action. Skip this step for subsequent Monero releases.
 
 Monero core developers sign a list of hashes of released binaries.
 
-Riccardo "fluffypony" Spagni is Monero core developer who signs the releases.
-Riccardo's public key is available on GitHub in the project source code.
-Import Riccardo's public key to your keyring:
+BinaryFate is Monero core developer who signs the releases.
+His public key is available on GitHub in the project source code.
+Import binaryFate's public key to your keyring:
 
-`curl https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc | gpg --import`
+`curl https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc | gpg --import`
 
-Trust Riccardo's public key (fingerprint must be exactly this):
+Trust binaryFate's public key (fingerprint must be exactly this):
 
-    gpg --edit-key 'BDA6BD7042B721C467A9759D7455C5E3C0CDCEB9'
+    gpg --edit-key '81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92'
     trust
-    4 
+    4
 
 !!! danger
     If key with this fingerprint was not found then remove imported key immediately (gpg --delete-keys ...).
     That would mean the key changed (likely was compromised).
 
-## 2. Verify signature of hash list  
+## 2. Verify signature of hash list (hashes.txt)
 
 The list of binaries and their hashes is published on [getmonero.org](https://www.getmonero.org/downloads/hashes.txt) and a few other places like release notes on [r/monero](https://reddit.com/r/monero).
-Please note the publication channel does not matter as long as you properly verify the signature!                                                                        u 
+Please note the publication channel does not matter as long as you properly verify the signature!                                                                        u
 
-To verify these are real hashes (not tampered with) run: 
+To verify these are real hashes (not tampered with) run:
 
-`curl https://www.getmonero.org/downloads/hashes.txt | gpg --verify` 
+`curl https://www.getmonero.org/downloads/hashes.txt | gpg --verify`
 
 The expected output should contain the line:
 
-`gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [full]`
+`gpg: Good signature from "binaryFate <binaryfate@getmonero.org>"`
 
 ## 3. Verify the hash
 
@@ -52,7 +52,7 @@ The last step is to compare published hash with downloaded archive SHA-256 hash.
 
 Replace the example file name with actual one:
 
-    file_name=monero-linux-x64-v0.14.0.0.tar.bz2
+    file_name=monero-gui-linux-x64-v0.16.0.0.tar.bz2
 
     file_hash=`sha256sum $file_name | cut -c 1-64`
 
@@ -62,9 +62,9 @@ Replace the example file name with actual one:
     gpg --verify /tmp/reference-hashes.txt
 
     # grep must print the hash (output cannot be empty)
-    grep $file_hash /tmp/reference-hashes.txt 
+    grep $file_hash /tmp/reference-hashes.txt
 
 !!! danger
     If the grep output is empty then double check everything because apparently the hashes don't match.
 
-If grep printed filename and a hash then everything is alright!
+If grep printed filename and hash then everything is alright!