diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 67de1dd8..6f8fb3b9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -307,6 +307,16 @@ jobs:
 - name: Create zip archive
 run: zip -r TermQ-${{ steps.version.outputs.VERSION }}.zip TermQ.app
+ - name: Sign zip for Sparkle
+ env:
+ SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
+ run: |
+ SIGN_UPDATE=".build/artifacts/sparkle/Sparkle/bin/sign_update"
+ ZIP="TermQ-${{ steps.version.outputs.VERSION }}.zip"
+ SIG=$(echo "$SPARKLE_PRIVATE_KEY" | "$SIGN_UPDATE" --ed-key-file - -p "$ZIP")
+ echo "$SIG" > "${ZIP}.sig"
+ echo "✅ EdDSA signature: $SIG"
+
 - name: Generate checksums
 run: |
 shasum -a 256 TermQ-${{ steps.version.outputs.VERSION }}.dmg > checksums.txt
@@ -324,6 +334,7 @@ jobs:
 files: |
 TermQ-${{ steps.version.outputs.VERSION }}.dmg
 TermQ-${{ steps.version.outputs.VERSION }}.zip
+ TermQ-${{ steps.version.outputs.VERSION }}.zip.sig
 checksums.txt
 body: |
 ## Installation
diff --git a/scripts/generate-appcast.sh b/scripts/generate-appcast.sh
index 2723504c..c6644b8f 100755
--- a/scripts/generate-appcast.sh
+++ b/scripts/generate-appcast.sh
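Review bot: The new "Sign zip for Sparkle" step expands `${{ steps.version.outputs.VERSION }}` directly into the shell script of the one step that has `SPARKLE_PRIVATE_KEY` in its environment, so the version string is parsed as shell code rather than handled as data. How VERSION is derived is not visible in this hunk; if it can come from a tag or ref name, pass it through the environment instead by adding `VERSION: ${{ steps.version.outputs.VERSION }}` under `env:` and writing `ZIP="TermQ-${VERSION}.zip"`. The step also publishes whatever `sign_update` printed, so a check such as `[ -n "$SIG" ] || exit 1` before writing `${ZIP}.sig` would keep an empty signature file out of the release.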
@@ -214,11 +214,18 @@ generate_appcast() {
 continue
 fi
- # Signature would be read from a signatures file if available
+ # Fetch EdDSA signature from the .zip.sig release asset
 local signature=""
- local sig_file="${OUTPUT_DIR}/signatures/${tag}.sig"
- if [[ -f "$sig_file" ]]; then
- signature=$(cat "$sig_file")
+ local sig_url
+ sig_url=$(echo "$release" | jq -r '[.assets[] | select(.name | endswith(".zip.sig"))][0].browser_download_url // empty')
+ if [[ -n "$sig_url" && "$sig_url" != "null" ]]; then
+ signature=$(curl -sS "$sig_url" 2>/dev/null | tr -d '[:space:]')
+ if [[ -n "$signature" ]]; then
+ log_info "Found EdDSA signature for $tag"
+ fi
+ fi
+ if [[ -z "$signature" ]]; then
+ log_warn "No EdDSA signature found for $tag — Sparkle update validation will fail"
 fi
 items+=$(generate_item "$tag" "$title" "$pub_date" "$body" "$download_url" "$file_size" "$signature")
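Review bot: The `curl -sS "$sig_url" 2>/dev/null` call in the new signature fetch has neither `-f` nor `-L`, and its output is accepted as the signature after only an emptiness test. Release asset download URLs on GitHub normally answer with a redirect, so without `-L` the body is likely empty, and without `-f` the body of an HTTP error response would be passed to `generate_item` as the signature. I would fetch with `signature=$(curl -fsSL "$sig_url" | tr -d '[:space:]')` and then reject anything that is not a base64-encoded 64-byte Ed25519 signature, `[[ "$signature" =~ ^[A-Za-z0-9+/]{86}==$ ]] || signature=""`; dropping `2>/dev/null` also lets `-S` report the failure. The body of `generate_appcast` starts and ends outside this hunk.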