Verify the Integrity of your Software Download V5.6 Build 008

TYPE FILENAME FILE SIZE
Windows SecurITree-setup.exe 101,019,976 bytes
UNIX/Linux securitree.deb 87,654,544 bytes
Mac OS X M-chip SecurITree-mchip.pkg 93,639,841 bytes

The integrity of Amenaza's SecurITree program can be confirmed in multiple ways. The first method uses the SHA-1 algorithm specified by NIST in FIPS 180-1 to compute a cryptographic hash or message digest of downloaded files.

SHA-1 Checksums:

TYPE FILENAME SHA-1 CHECKSUM
Windows SecurITree-setup.exe c047129adb3fbd14e787f57e513ad55794faf658
UNIX/Linux securitree.deb 8cd4f67e50472eecf5fb463b824dceafe95703b9
Mac OS X M-chip SecurITree-mchip.pkg 0695e40b5053bdecbc89efdf554c5fb03304b73b

Programs to compute and verify SHA-1 hashes are widely available. This makes it convenient for verifying that tampering of files has not occurred.

SHA-256 Checksums:

TYPE FILENAME SHA-256 CHECKSUM
Windows SecurITree-setup.exe 9d0b1fc37204762841baa7f5ec28e34be6bcc0eb3a1688001f29c84ee82fac14
UNIX/Linux securitree.deb 47ae567fd61dff6ba0b0496cf69a08b8550f896a5fdae0c265a088a2c5c470d2
Mac OS X M-chip SecurITree-mchip.pkg f018a1b5d26a11eff8c2d6c2fad1e5c594c2bdb6e5b209ce19c04edb8d4661da

These methods are not a 100% guarantee of integrity. If Amenaza's web server has been compromised it is possible that the intruder may have introduced viruses, worms, Trojan Horses or other malware into the downloadable files and then posted matching SHA-1 message digests on the website! The next integrity verification mechanism described below is a stronger guarantee of file integrity and should be used if SecurITree will be used in a sensitive environment or if there is any suspicion that the downloaded code has been compromised.

The downloadable files have been digitally signed using the OpenPGP standard and GNU Privacy Guard (GPG) software in conjunction with Amenaza's private software signing key. PGP/GPG software is available from OpenPGP (https://www.openpgp.org) and gnupg (https://www.gnupg.org).

PGP Signature Files:

TYPE FILENAME PGP SIGNATURE FILES
Windows SecurITree-setup.exe SecurITree-setup.exe.asc
UNIX/Linux securitree.deb securitree.deb.asc
Mac OS X M-chip SecurITree-mchip.pkg SecurITree-mchip.pkg.asc

You can verify the integrity of the above downloads using the public half of the Amenaza Software signing key pair. Amenaza's PGP/GPG public signing key is published on two Internet keyservers. You can download the public key from OpenPGP (https://keys.openpgp.org) by searching for "info@amenaza.com" or from Ubuntu (https://keyserver.ubuntu.com) using either the search string "info@amenaza.com" or "Amenaza Technologies Limited 2024". Note that this site cannot be queried using the LDAP utility built into most browsers.

Since the private half of the Amenaza Software signing key pair used to sign the files is not stored on the Amenaza web server it is NOT possible for an intruder to create a valid signature file even if they compromise the web server. It is, however, possible that the PGP key server may have had the Amenaza Software signing key replaced by a rogue key.

If you are operating in a sensitive environment we recommend that you contact Amenaza Technologies at 1-888-949-9797 (1-403-263-7737) to verify the signing key fingerprint in an 'Out of Band' manner.

Amenaza Software Signing Key Fingerprint:

104F EBE3 289A C9A6 A1A8 CE25 77AA CC95 390E 40B1

OR

assume document trouble torpedo
breadline newsletter spearhead paragon
ratchet paramount spyglass caravan
involve pedigree spigot Montana
classroom Atlantic crackdown photograph

License Manager Files:

Windows:

File Name SecurITreeLicenseManager.exe
File Size 52,692,320 bytes
SHA-1 Checksum d48e03e21e68ac96030c14ddd069cdc77f82e22e
SHA-256 Checksum 6e5496014660ee16507444f2768bb658b740d05aed89a9bf139e45c1bacd90f0
PGP Signature SecurITreeLicenseManager.exe.asc

Unix:

File Name amenazalicmgr_v5.deb
File Size 48,057,496 bytes
SHA-1 Checksum c11bf083b4753a810a5da3335f6210d606b74bfe
SHA-256 Checksum 7002fc95cda52aad1cfb359bb13907ff7111523bb28759a7245d0f27f48da001
PGP Signature amenazalicmgr_v5.deb.asc

Additionally, the Windows installation kit has been signed using a commercial software signing key that will be verified by the Microsoft Windows operating system during installation. The Apple installation kit has been signed and notarized using an Apple Developer signing key and will be verified by the Apple Gatekeeper during installation. The Ubuntu kit has been signed with Amenaza's PGP/GPG (see above) software signing key and can be verified during installation.