fix: spelling errors

README.md

@@ -5,7 +5,7 @@ The simple multisig toolchain for git repos.
 ## Features
 
   * Attach any number of signatures to any given git ref
-  * Verify git history contains a minimum threshold of unique commit siguatures
+  * Verify git history contains a minimum threshold of unique commit signatures
   * Verify signatures belong to a defined GPG alias group
   * Verify code changes made since last time minimum valid signatures were present
   * Allow user to manually verify new keys and add to alias groups on the fly
@@ -129,7 +129,7 @@ In spite of many popular claims to the contrary, PGP is still the most well
 supported protocol for distribution, verification, and signing for keys held
 by individual humans. It is also the only protocol with wide HSM support
 allowing you to keep keys out of system memory and require physical approval
-for each operation. E.G a trezor, ledger, yubikey, etc.
+for each operation. E.G a trezor, ledger, YubiKey, etc.
 
 Admittedly the GnuPG codebase itself is a buggy dated mess, but PGP as a spec
 is still Pretty Good for many use cases. A recent modern rewrite by a number
@@ -156,7 +156,7 @@ See: [The Update Framework](https://theupdateframework.io)
 
 Openssl has HSM support via OpenSC that is fairly well supported via PKSC#11.
 
-Contributions suggesting this an alterantive backend to OpenPGP are welcome,
+Contributions suggesting this an alternative backend to OpenPGP are welcome,
 however they would have to also come with methods for key discovery and pinned
 key groups via configuration files of some kind.
 
@@ -168,6 +168,6 @@ These alternatives have poor if any support for HSM workflows and thus put
 private keys at too much risk of theft or loss to recommend for general use at
 this time.
 
-That said, verifying folders/repos that use these methods is certianly of value
+That said, verifying folders/repos that use these methods is certainly of value
 and contributions to support doing this on systems where those tools are
 available are welcome.