Add authenticity section in README

README.md

@@ -35,3 +35,37 @@ async-psec = "0.3"
 
 # Documentation
 The API documentation can be found [here](https://docs.rs/async-psec).
+
+# Authenticity
+If you want to use this crate in a critical project, I don't recommend to use [crates.io](https://crates.io). Instead, download the code from the repository:
+```
+git clone https://forge.chapril.org/hardcoresushi/async-psec
+```
+And add this to your Cargo.toml:
+```toml
+[patch.crates-io]
+async-psec = { path = "<path to the async-psec folder>" }
+```
+All commits should be signed with my PGP key. __Don't use this crate if the verification fails !__
+
+You can import my key from keyservers with:
+```
+gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 007F84120107191E
+```
+Fingerprint: `BD56 2147 9E7B 74D3 6A40  5BE8 007F 8412 0107 191E` \
+Email: `Hardcore Sushi <hardcore.sushi@disroot.org>`
+
+Once imported, verify the latest commit:
+```
+cd async-psec
+git verify-commit HEAD
+```
+This should show you something like:
+```
+gpg: Signature made <date>
+gpg:                using RSA key BD5621479E7B74D36A405BE8007F84120107191E
+gpg: Good signature from "Hardcore Sushi <hardcore.sushi@disroot.org>" [unknown]
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: BD56 2147 9E7B 74D3 6A40  5BE8 007F 8412 0107 191E
+```