To get started, download the latest version of the verifier from the bottom of this page along with the PGP signature file for the selected architecture.
The Rumble Verifier is always signed by PGP Key ID AE96EC3E8E1F27C6.
To validate the signature of the Rumble Verifier for Windows 64-bit, you will need a GPG client and to run the following commands.
c:\> curl https://keybase.io/hdm/pgp_keys.asc | gpg --import c:\> gpg --verify rumble-verifier-1.0.3-windows-amd64.exe.asc
Successful validation will show a valid signature by key ID
gpg: Signature made Wed 05 Jun 2019 06:39:03 PM EDT gpg: using RSA key CEC20C193A94F31CE670C668AE96EC3E8E1F27C6
The warning below is expected and does not indicate a problem with the signature:
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
Once the Rumble Verifier itself has been validated, it can be used to check the signature of any Rumble binary:
c:\> rumble-verifier-1.0.3-windows-amd64.exe rumble-agent-0.5.30-windows-amd64.exe rumble-agent-0.5.30-windows-amd64.exe: VALID SIGNATURE
A failed validation will show the error
Invalid or missing signature and the verifier will set exit status to 1.