AppImage/Installers/Apps should come with PGP signatures for verification

It would be useful if downloadable applications for Bitwarden to come with PGP signatures so users can verify the authenticity and integrity of the downloaded software.

In some cases (such as .AppImage Linux distributions) you can also embed the signature [1]. This appears to be missing from the currently downloadable version.

$ ./Bitwarden-1.28.3-x86_64.AppImage --appimage-signature


As Bitwarden’s compiled/distributed applications are for a security sensitive purpose, I think it is essential that proper signing is in place. This happens with many other security sensitive applications already.

At bare minimum I’d suggest checksums for the downloadable software. If the user trusts their OS, browser, HTTPS and the servers this provides some assurance that the download is correct.

[1] Signing AppImages — AppImage documentation