Since version 18.3.1 all releases hosted on nanolx.org contain a SHA256 checksum and GPG signature to check their validity. AFH does provide the SHA256 checksum on the downloads summary page, but does not allow to upload a GPG signature.
You can obtain the public part of my GPG key from:
* download the public key from [photonic.asc](https://download.nanolx.org/NanoDroid/Stable/photonic.asc)
* import it using `gpg --import photonic.asc`
* download and import using `gpg` from pgp.mit.edu: