tweak README [skip ci]

README.md

@@ -29,7 +29,7 @@ GitHub and replaces itself.
 - Many archive and compression formats are supported (zip, tar, gzip, xzip)
 - Support private repositories
 - Support [GitHub Enterprise][]
-- Support hash, signature validation
+- Support hash, signature validation (thanks to [@tobiaskohlbau](https://github.com/tobiaskohlbau))
 
 And small wrapper CLIs are provided:
 
@@ -41,6 +41,8 @@ And small wrapper CLIs are provided:
 [go-github-selfupdate]: https://github.com/rhysd/go-github-selfupdate
 [GitHub Releases API]: https://developer.github.com/v3/repos/releases/
 
+
+
 ## Try Out Example
 
 Example to understand what this library does is prepared as [CLI](./cmd/selfupdate-example/main.go).
@@ -81,6 +83,8 @@ Following tools are using this library.
 - [akashic](https://github.com/cowlick/akashic)
 - [butler](https://github.com/netzkern/butler)
 
+
+
 ## Usage
 
 ### Code Usage
@@ -225,6 +229,7 @@ API does not work without authentication.
 If your GitHub Enterprise instance's upload URL is different from the base URL, please also set `EnterpriseUploadURL`
 field
 
+
 ### Naming Rules of Released Binaries
 
 go-github-selfupdate assumes that released binaries are put for each combination of platforms and archs.
@@ -299,6 +304,7 @@ In summary, structure of releases on GitHub looks like:
 Tags which don't contain a version number are ignored (i.e. `nightly`). And releases marked
 as `pre-release` are also ignored.
 
+
 ### Hash or Signature Validation
 
 go-github-selfupdate supports hash or signature validatiom of the downloaded files. It comes
@@ -317,7 +323,7 @@ type Validator interface {
 }
 ```
 
-## SHA256
+#### SHA256
 
 To verify the integrity by SHA256 generate a hash sum and save it within a file which has the
 same naming as original file with the suffix `.sha256`.
@@ -326,7 +332,7 @@ For e.g. use sha256sum, the file `selfupdate/testdata/foo.zip.sha256` is generat
 sha256sum foo.zip > foo.zip.sha256
 ```
 
-## ECDSA
+#### ECDSA
 To verify the signature by ECDSA generate a signature and save it within a file which has the
 same naming as original file with the suffix `.sig`.
 For e.g. use openssl, the file `selfupdate/testdata/foo.zip.sig` is generated with:
@@ -337,9 +343,11 @@ openssl dgst -sha256 -sign Test.pem -out foo.zip.sig foo.zip
 go-github-selfupdate makes use of go internal crypto package. Therefore the used private key
 has to be compatbile with FIPS 186-3.
 
-### Development
 
-#### Running tests
+
+## Development
+
+### Running tests
 
 All library sources are put in `/selfupdate` directory. So you can run tests as following
 at the top of the repository:
@@ -360,7 +368,8 @@ Above command run almost all tests and it's enough to check the behavior before
 Some tests are still not tested because they depend on my personal API access token, though; for repositories
 on GitHub Enterprise or private repositories on GitHub.
 
-#### Debugging
+
+### Debugging
 
 This library can output logs for debugging. By default, logger is disabled.
 You can enable the logger by following and can know the details of the self update.
@@ -369,12 +378,15 @@ You can enable the logger by following and can know the details of the self upda
 selfupdate.EnableLog()
 ```
 
-#### CI
+
+### CI
 
 Tests run on CIs (Travis CI, Appveyor) are run with the token I generated. However, because of security
 reason, it is not used for the tests for pull requests. In the tests, a GitHub API token is not set and
 API rate limit is often exceeding. So please ignore the test failures on creating a pull request.
 
+
+
 ## Dependencies
 
 This library utilizes
@@ -396,6 +408,8 @@ This library utilizes
 [semver]: https://github.com/blang/semver
 [xz]: https://github.com/ulikunitz/xz
 
+
+
 ## What is different from [tj/go-update][]?
 
 This library goal is the same as tj/go-update, but it's different in following points.
@@ -410,6 +424,8 @@ tj/go-update:
 
 [tj/go-update]: https://github.com/tj/go-update
 
+
+
 ## License
 
 Distributed under the [MIT License](LICENSE)

selfupdate/validate.go

@@ -46,7 +46,7 @@ type ECDSAValidator struct {
 }
 
 // Validate validates the ECDSA signature the release against the signature
-// contained in an addtional asset file.
+// contained in an additional asset file.
 // additional asset file.
 func (v *ECDSAValidator) Validate(input, signature []byte) error {
 	h := sha256.New()