strongDM Binary Verification

The method by which verification of strongDM binary files may be performed is via the binary verification endpoint. The endpoint uses a Secure Hash Algorithm (SHA) that allows for increased file exchange security. Downloaded binary files for the strongDM Client, Windows Service Installer, and Gateways may be compared via the endpoint to verify that they are authentic. This article describes how to use the endpoint to display a hash value to validate that the downloaded binary is the authentic version without revealing the contents of the file.

The endpoint may be reached at:


When calling the endpoint, you can pass the following query arguments: os, arch, software, version, and/or variant.

Example with arguments:

Query arguments

Query argumentDescriptionPossible valuesRequirement
osOperating systemdarwin, docker, linux, windowsRequired
archArchitectureamd64, arm64, universal, 386Required
softwarestrongDM CLI or GUIsdm-cli, sdm-guiRequired
versionVersion numberXX.YY.ZRequired
variantvariantfull, relay, staticOptional

Acceptable query argument combinations


Usage Example

You can use the endpoint to validate any strongDM binary. This particular example shows how to use the endpoint to validate the downloaded CLI binary.


Note that depending on your distribution, your commands for downloading files, verifying checksums, and so forth may be different from what is shown here. These steps are provided for example purposes only.

  1. Get the download link to your binary file. (See the Download & Install section of the Admin UI for all binaries.)

    In the following example, we use Curl to get the download link to the CLI binary for our production instance. In return, we get the link to a ZIP file with a SHA hash value.

    $ curl
    <a href="">Temporary Redirect</a>.

    Alternatively, you can use the upgrade path to get a download link to your CLI binary with a SHA hash value.

    $ curl ''
  2. Download the file:

  3. Call the endpoint with your query parameters to get SHA hash values:

    $ curl ''
  4. Verify the SHA-256 checksum of the downloaded file, as in the following example. When the SHA-256 hash value is returned, compare it to the one that was returned in Step 3. If the checksums are identical, you know the downloaded file is a legitimate copy.

    $ sha256sum

    The following is an alternative way to verify the checksum:

    $ echo "4daf27a474a7e0f38ab452fa0b8afba70851741362784b574e841d01e53f8ede" | sha256sum --check OK

If any errors occur, please copy them into an email and send them to