The binaries distributed on https://muwire.com are signed. The Windows and Mac binaries are signed with developer certificates, so they will not be covered in this document. The various binaries for Linux are signed with GPG, and you can verify them the following way:
Import the GPG key
Before you can verify you need to import the GPG key which you can find at https://keybase.io/zlatinb
Linux AppImage
The Linux AppImage has a GPG signature embedded in it. To validate, you need to build the validate tool from source, which is available at https://github.com/AppImage/AppImageKit/.
Linux .zip and CLI .tar validation
Download the MuWire-x.y.z.zip or MuWire-cli-x.y.z.tar as well as the GPG signature files. Then execute gpg --verify passing the signature and the binary as arguments:
gpg --verify MuWire-0.6.6.zip.sig MuWire-0.6.6.zip
gpg: Signature made Sat Nov 16 19:23:33 2019 EET using RSA key ID 2D525E41
gpg: Good signature from "Zlatin Balevsky (Personal key) <zlatinb@gmail.com>"