Verify the Integrity of your Software Download V5.6 Build 008
TYPE | FILENAME | FILE SIZE |
Windows | SecurITree-setup.exe | 101,019,976 bytes |
UNIX/Linux | securitree.deb | 87,654,544 bytes |
Mac OS X M-chip | SecurITree-mchip.pkg | 93,639,841 bytes |
The integrity of Amenaza's SecurITree program can be confirmed in multiple ways. The first method uses the SHA-1 algorithm specified by NIST in FIPS 180-1 to compute a cryptographic hash or message digest of downloaded files.
SHA-1 Checksums:
TYPE | FILENAME | SHA-1 CHECKSUM |
Windows | SecurITree-setup.exe | c047129adb3fbd14e787f57e513ad55794faf658 |
UNIX/Linux | securitree.deb | 8cd4f67e50472eecf5fb463b824dceafe95703b9 |
Mac OS X M-chip | SecurITree-mchip.pkg | 0695e40b5053bdecbc89efdf554c5fb03304b73b |
Programs to compute and verify SHA-1 hashes are widely available. This makes it convenient for verifying that tampering of files has not occurred.
SHA-256 Checksums:
TYPE | FILENAME | SHA-256 CHECKSUM |
Windows | SecurITree-setup.exe | 9d0b1fc37204762841baa7f5ec28e34be6bcc0eb3a1688001f29c84ee82fac14 |
UNIX/Linux | securitree.deb | 47ae567fd61dff6ba0b0496cf69a08b8550f896a5fdae0c265a088a2c5c470d2 |
Mac OS X M-chip | SecurITree-mchip.pkg | f018a1b5d26a11eff8c2d6c2fad1e5c594c2bdb6e5b209ce19c04edb8d4661da |
These methods are not a 100% guarantee of integrity. If Amenaza's web server has been compromised it is possible that the intruder may have introduced viruses, worms, Trojan Horses or other malware into the downloadable files and then posted matching SHA-1 message digests on the website! The next integrity verification mechanism described below is a stronger guarantee of file integrity and should be used if SecurITree will be used in a sensitive environment or if there is any suspicion that the downloaded code has been compromised.
The downloadable files have been digitally signed using the OpenPGP standard and GNU Privacy Guard (GPG) software in conjunction with Amenaza's private software signing key. PGP/GPG software is available from OpenPGP (https://www.openpgp.org) and gnupg (https://www.gnupg.org).
PGP Signature Files:
TYPE | FILENAME | PGP SIGNATURE FILES |
Windows | SecurITree-setup.exe | SecurITree-setup.exe.asc |
UNIX/Linux | securitree.deb | securitree.deb.asc |
Mac OS X M-chip | SecurITree-mchip.pkg | SecurITree-mchip.pkg.asc |
You can verify the integrity of the above downloads using the public half of the Amenaza Software signing key pair. Amenaza's PGP/GPG public signing key is published on two Internet keyservers. You can download the public key from OpenPGP (https://keys.openpgp.org) by searching for "info@amenaza.com" or from Ubuntu (https://keyserver.ubuntu.com) using either the search string "info@amenaza.com" or "Amenaza Technologies Limited 2024". Note that this site cannot be queried using the LDAP utility built into most browsers.
Since the private half of the Amenaza Software signing key pair used to sign the files is not stored on the Amenaza web server it is NOT possible for an intruder to create a valid signature file even if they compromise the web server. It is, however, possible that the PGP key server may have had the Amenaza Software signing key replaced by a rogue key.
If you are operating in a sensitive environment we recommend that you contact Amenaza Technologies at 1-888-949-9797 (1-403-263-7737) to verify the signing key fingerprint in an 'Out of Band' manner.
Amenaza Software Signing Key Fingerprint:
104F EBE3 289A C9A6 A1A8 CE25 77AA CC95 390E 40B1
OR
assume | document | trouble | torpedo |
breadline | newsletter | spearhead | paragon |
ratchet | paramount | spyglass | caravan |
involve | pedigree | spigot | Montana |
classroom | Atlantic | crackdown | photograph |
License Manager Files:
Windows:
File Name | SecurITreeLicenseManager.exe |
File Size | 52,692,320 bytes |
SHA-1 Checksum | d48e03e21e68ac96030c14ddd069cdc77f82e22e |
SHA-256 Checksum | 6e5496014660ee16507444f2768bb658b740d05aed89a9bf139e45c1bacd90f0 |
PGP Signature | SecurITreeLicenseManager.exe.asc |
Unix:
File Name | amenazalicmgr_v5.deb |
File Size | 48,057,496 bytes |
SHA-1 Checksum | c11bf083b4753a810a5da3335f6210d606b74bfe |
SHA-256 Checksum | 7002fc95cda52aad1cfb359bb13907ff7111523bb28759a7245d0f27f48da001 |
PGP Signature | amenazalicmgr_v5.deb.asc |
Additionally, the Windows installation kit has been signed using a commercial software signing key that will be verified by the Microsoft Windows operating system during installation. The Apple installation kit has been signed and notarized using an Apple Developer signing key and will be verified by the Apple Gatekeeper during installation. The Ubuntu kit has been signed with Amenaza's PGP/GPG (see above) software signing key and can be verified during installation.