This may be outside the scope of this forum, but I’m posting as I would imagine there are others trying to download, install and validate a USB burner prior to its use.
I’ve looked at the following applications, but have not have found signature keys for any of these applications. Either I’m deft, or these authors don’t think it’s necessary to validate their s/w prior to use.
Universal USB Installer
(will only allow me to post 2 links)
Not sure about anyone else, but I’d certainly like to make sure the burner app I’m using is not installing malicous code onto my USB thumb drive prior to use.
If anyone has located the keys for any of these applications, I’d sure appreciate a link, cause I cannot find one.
I think I just answered my question, which I was able to find in the Rufus FAQ
They indeed seem to have a problem publishing their certificate and additional checksums,
there are number of open issues around this question, e.g. see Public key for verifying download signatures? - #21 by seth - balenaEtcher - balenaForums
If any of those are code-signed on Windows or MacOS, you can use the respective signtools to check which key they’ve used. Official code signing certificates for Windows (and I assume for MacOS, too) have to be verified from a chain from the operating system maker, so there is at least some trust the the company name (or organisation name) is correct. However if it is the correct organisation is much harder to find out.