Obtain official builds and check their signatures

This post is also available in: 日本語 Français Español Deutsch Nederlands Српски Português Български 简体中文

Securely Downloading official Vivaldi packages

To ensure you have an official version of Vivaldi, type “https://vivaldi.com/download/” and press “Enter”. On visiting this website, you should expect to see a padlocked badge in the URL field stating, “Vivaldi Technologies [NO]”. In almost all browsers, you can click the badge to view more details about the certificate.

Checking signatures

All official installation packages from Vivaldi are signed. You can check the signatures of these packages via the following methods:

Windows

Right-click on the installer package, then choose “Properties → Digital Signatures”. Here, “Vivaldi Technologies AS” should be listed. Selecting this and clicking “Details” should result in a new window that states, “This digital signature is OK”. For even more details, click on “View Certificate”.

macOS

Extract Vivaldi from the .dmg installation package and place it in “Applications”.

Open the “Terminal” application and enter the following:

codesign -dv --verbose=2 /Applications/Vivaldi.app

In the results there should be no errors about lack of signing and the “Authority” lines must include “Apple Root CA”, “Developer ID Certification Authority” and “Developer ID Application: Vivaldi Technologies AS (4XF3XNRN6Y)”.

You can also check if the application bundle is trusted by your system via the following command:

spctl --assess -vv /Applications/Vivaldi.app

For more information on examining macOS code signatures see the Apple developer documentation.

Linux

Unlike Windows and macOS, our Linux packages are self-signed. The public signing key is included within the packages and configured automatically during first install, meaning that your system will check it when you attempt to upgrade the application (via our official repositories), and will only proceed it if it is valid. If however, you want to manually check the package signatures, you first need to download and install the public key yourself.

Debian/Ubuntu

Open a terminal window and issue the following to fetch a copy of our public key, securely over https:

wget https://repo.vivaldi.com/stable/linux_signing_key.pub

Import the key into the GPG keyring of your local user:

gpg --import linux_signing_key.pub

You can now verify that the signature is valid, like so (adjust the file name to account for the current version and architecture):

dpkg-sig --verify vivaldi-stable_5.4.2753.47-1_amd64.deb

If everything is ok, it should return a result that includes “GOODSIG” and a 41 character, key ID that should end with “C27AA466”.

RPM-based

Import the key into the RPM database:

sudo rpm --import https://repo.vivaldi.com/stable/linux_signing_key.pub

You can now verify that the signature is valid, like so (adjust the file name to account for the current version and architecture):

rpm -Kv vivaldi-stable-5.4.2753.47-1.x86_64.rpm

The signature checks should return “OK” and key ID should be “c27aa466”.