Rumble binary verification

Rumble uses uses dynamically generated binaries for the Rumble Scanner and Rumble Explorer downloads. Although Windows binaries have a valid Authenticode signature, all binaries also contain a secondary, internal signature. Dynamic binaries make it easy to deploy explorers that connect back to the right organization, but present a challenge for independent integrity validation. To enable verification of the internal signature, we offer the Rumble Verifier. This verification tool can confirm whether a given binary contains a valid internal signature, in addition to any existing Authenticode signatures.

To get started, download the latest version of the verifier from the bottom of this page along with the PGP signature file for the selected architecture.

The Rumble Verifier is always signed by PGP Key ID [AE96EC3E8E1F27C6][https://keybase.io/hdm].

To validate the signature of the Rumble Verifier for Windows 64-bit, you will need a [GPG][https://gpg4win.org/download.html] client and to run the following commands:

C:\> curl https://keybase.io/hdm/pgp_keys.asc | gpg --import
C:\> gpg --verify rumble-verifier-2.0.2-windows-amd64.exe.asc

Successful validation will show a valid signature by key ID CEC20C193A94F31CE670C668AE96EC3E8E1F27C6.

gpg: Signature made Wed 05 Jun 2019 06:39:03 PM EDT
gpg: using RSA key CEC20C193A94F31CE670C668AE96EC3E8E1F27C6

The warning below is expected and does not indicate a problem with the signature:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Once the Rumble Verifier itself has been validated, it can be used to check the signature of any Rumble binary:

C:\> rumble-verifier-2.0.2-windows-amd64.exe rumble-explorer-0.5.30-windows-amd64.exe
rumble-explorer-1.0.0-windows-amd64.exe: VALID SIGNATURE

A failed validation will show the error Invalid or missing signature and the verifier will set exit status to 1.

Binary downloads

Windows

Build PGP sig SHA hash
Rumble Verifier x86 64-bit pgp signature sha-256
Rumble Verifier x86 32-bit pgp signature sha-256

Linux

Build PGP sig SHA hash
Rumble Verifier x86 64-bit pgp signature sha-256
Rumble Verifier x86 32-bit pgp signature sha-256
Additional Linux builds
Build PGP sig SHA hash
Rumble Verifier ARM v5 32-bit pgp signature sha-256
Rumble Verifier ARM v6 32-bit pgp signature sha-256
Rumble Verifier ARM v7 32-bit pgp signature sha-256
Rumble Verifier ARM 64-bit (aarch64) pgp signature sha-256
Rumble Verifier PPC 64-bit Little Endian pgp signature sha-256
Rumble Verifier MIPS 32-bit Big Endian pgp signature sha-256
Rumble Verifier MIPS 32-bit Little Endian pgp signature sha-256
Rumble Verifier MIPS 64-bit Big Endian pgp signature sha-256
Rumble Verifier MIPS 64-bit Little Endian pgp signature sha-256
Rumble Verifier S390X pgp signature sha-256

MacOS

Build PGP sig SHA hash
Rumble Verifier x86 64-bit pgp signature sha-256
Rumble Verifier ARM 64-bit pgp signature sha-256

BSD Variants

FreeBSD
Build PGP sig SHA hash
Rumble Verifier x86 64-bit pgp signature sha-256
Rumble Verifier x86 32-bit pgp signature sha-256
Rumble Verifier ARM v6 32-bit pgp signature sha-256
Rumble Verifier ARM v7 32-bit pgp signature sha-256
NetBSD
Build PGP sig SHA hash
Rumble Verifier x86 64-bit pgp signature sha-256
Rumble Verifier x86 32-bit pgp signature sha-256
Rumble Verifier ARM v5 32-bit pgp signature sha-256
Rumble Verifier ARM v6 32-bit pgp signature sha-256
Rumble Verifier ARM v7 32-bit pgp signature sha-256
Dragonfly
Build PGP sig SHA hash
Rumble Verifier 64-bit pgp signature sha-256
OpenBSD
Build PGP sig SHA hash
Rumble Verifier 64-bit pgp signature sha-256