Verify the Integrity of SecurITree V5.6 Build 008 - With IT Library

TYPE FILENAME FILE SIZE
Windows SecurITree-setup.exe 103,487,520 bytes
UNIX/Linux securitree.deb 89,939,850 bytes
Mac OS X M-chip SecurITree-mchip.pkg 96,118,150 bytes

The integrity of Amenaza's SecurITree program can be confirmed in multiple ways. The first method uses the SHA-1 algorithm specified by NIST in FIPS 180-1 to compute a cryptographic hash or message digest of downloaded files.

SHA-1 Checksums:

TYPE FILENAME SHA-1 CHECKSUM
Windows SecurITree-setup.exe fdf2e24d913e010f1d9bda06120a1131cab4c780
UNIX/Linux securitree.deb d57d1c61ccd2ac48a53df4c6549434533069912f
Mac OS X M-chip SecurITree-mchip.pkg 9ef50b1995279c9240659d7278d8b382ef05467b

Programs to compute and verify SHA-1 hashes are widely available. This makes it convenient for verifying that tampering of files has not occurred.

SHA-256 Checksums:

TYPE FILENAME SHA-256 CHECKSUM
Windows SecurITree-setup.exe 37b703ff102af18ef6002a365ed50db452cb69c46dee28b6e4096f60528bfbd0
UNIX/Linux securitree.deb b25b0e83869821cf302f910851a128883d16c9dcf3a06d2e22fe2b3bbe69f306
Mac OS X M-chip SecurITree-mchip.pkg 87bfaccf223ec585b8783d223130bcef5cc33122e082f1126e30347ad5b7df54

These methods are not a 100% guarantee of integrity. If Amenaza's web server has been compromised it is possible that the intruder may have introduced viruses, worms, Trojan Horses or other malware into the downloadable files and then posted matching SHA-1 message digests on the website! The next integrity verification mechanism described below is a stronger guarantee of file integrity and should be used if SecurITree will be used in a sensitive environment or if there is any suspicion that the downloaded code has been compromised.

The downloadable files have been digitally signed using the OpenPGP standard and GNU Privacy Guard (GPG) software in conjunction with Amenaza's private software signing key. PGP/GPG software is available from OpenPGP (https://www.openpgp.org) and gnupg (https://www.gnupg.org).

PGP Signature Files:

TYPE FILENAME PGP SIGNATURE FILES
Windows SecurITree-setup.exe SecurITree-setup.exe.asc
UNIX/Linux securitree.deb securitree.deb.asc
Mac OS X M-chip SecurITree.pkg SecurITree-mchip.pkg.asc

You can verify the integrity of the above downloads using the public half of the Amenaza Software signing key pair. Amenaza's PGP/GPG public signing key is published on two Internet keyservers. You can download the public key from OpenPGP (https://keys.openpgp.org) by searching for "info@amenaza.com" or from Ubuntu (https://keyserver.ubuntu.com) using either the search string "info@amenaza.com" or "Amenaza Technologies Limited 2024". Note that this site cannot be queried using the LDAP utility built into most browsers.

Since the private half of the Amenaza Software signing key pair used to sign the files is not stored on the Amenaza web server it is NOT possible for an intruder to create a valid signature file even if they compromise the web server. It is, however, possible that the PGP key server may have had the Amenaza Software signing key replaced by a rogue key.

If you are operating in a sensitive environment we recommend that you contact Amenaza Technologies at 1-888-949-9797 (1-403-263-7737) to verify the signing key fingerprint in an 'Out of Band' manner.

Amenaza Software Signing Key Fingerprint:

104F EBE3 289A C9A6 A1A8 CE25 77AA CC95 390E 40B1

OR

assume document trouble torpedo
breadline newsletter spearhead paragon
ratchet paramount spyglass caravan
involve pedigree spigot Montana
classroom Atlantic crackdown photograph

License Manager Files:

Windows:

File Name SecurITreeLicenseManager.exe
File Size 52,692,320 bytes
SHA-1 Checksum d48e03e21e68ac96030c14ddd069cdc77f82e22e
SHA-256 Checksum 6e5496014660ee16507444f2768bb658b740d05aed89a9bf139e45c1bacd90f0
PGP Signature SecurITreeLicenseManager.exe.asc

Unix:

File Name amenazalicmgr_v5.deb
File Size 48,057,496 bytes
SHA-1 Checksum c11bf083b4753a810a5da3335f6210d606b74bfe
SHA-256 Checksum 7002fc95cda52aad1cfb359bb13907ff7111523bb28759a7245d0f27f48da001
PGP Signature amenazalicmgr_v5.deb.asc

Additionally, the Windows installation kit has been signed using a commercial software signing key that will be verified by the Microsoft Windows operating system during installation. The Apple installation kit has been signed and notarized using an Apple Developer signing key and will be verified by the Apple Gatekeeper during installation. The Ubuntu kit has been signed with Amenaza's PGP/GPG (see above) software signing key and can be verified during installation.