diff --git a/Dockerfile b/Dockerfile
index 5415e1a..09f11e7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,11 +10,33 @@ RUN apt-get update && apt-get install -y \
 libevent-dev \
 libssl-dev
-RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz | tar xz -C /tmp
-
-RUN cd /tmp/tor-${VERSION} && ./configure
-RUN cd /tmp/tor-${VERSION} && make
-RUN cd /tmp/tor-${VERSION} && make install
+# Get signing keys securely
+# Ref: https://www.torproject.org/docs/signing-keys.html.en
+RUN mkdir /tmp/gpg
+RUN chmod 700 /tmp/gpg
+# Roger Dingledine
+RUN gpg --homedir /tmp/gpg --keyserver keys.gnupg.net --recv 19F78451
+RUN gpg --homedir /tmp/gpg --export F65CE37F04BA5B360AE6EE17C218525819F78451 | gpg --import -
+# Nick Mathewson
+RUN gpg --homedir /tmp/gpg --keyserver keys.gnupg.net --recv 165733EA
+RUN gpg --homedir /tmp/gpg --export B35BF85BF19489D04E28C33C21194EBB165733EA | gpg --import -
+RUN rm -rf /tmp/gpg
+
+WORKDIR /tmp/
+
+RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz > tor.tar.gz
+RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz.asc > tor.tar.gz.asc
+
+# Verify source tarball
+RUN gpg --verify tor.tar.gz.asc
+
+RUN tar xzf tor.tar.gz
+RUN rm tor.tar.gz tor.tar.gz.asc
+
+WORKDIR /tmp/tor-${VERSION}
+RUN ./configure
+RUN make
+RUN make install
 ADD ./torrc /etc/torrc
 # Allow you to upgrade your relay without having to regenerate keys
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..5b320d8
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,5 @@
+#!/bin/bash
+build:
+ docker build -t tor-server .
+run:
+ docker rm -f tor-server 2> /dev/null; docker run -d --name tor-server tor-server
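Review bot: `RUN gpg --verify tor.tar.gz.asc` names only the signature file, so gpg has to infer the data file by stripping the suffix, and if the downloaded `.asc` is a self-contained signed message rather than a detached signature the check can pass on that message's own content without reading `tor.tar.gz`. The GnuPG manual discourages the one-argument form for detached signatures; name the data file explicitly with `RUN gpg --verify tor.tar.gz.asc tor.tar.gz`. The two `curl` lines would also benefit from `-f` (for example `curl -fsSL`), so an HTTP error stops the build at the download step instead of surfacing later as a confusing verification failure. The `--recv` calls fetch by short key ID, which is not an identity check on its own; it is the following `--export` by full fingerprint that decides which key reaches the keyring used for verification, and a comment such as `# short-ID fetch is untrusted; the full-fingerprint export below is the actual check` would keep a later edit from dropping that step.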
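Review bot: `build` and `run` are not declared phony, so a file or directory named `build` or `run` in the repository would make `make` consider the target up to date and skip the recipe; add `.PHONY: build run`. The `#!/bin/bash` first line has no effect in a Makefile, since make reads it as a comment, and can be dropped. In `run`, `2> /dev/null;` hides every `docker rm` failure rather than only the missing-container case, which deserves a short comment if that is the intent.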