Verify the Integrity of your Software Download V5.0 Build 009

TYPE FILENAME FILE SIZE
Windows Install SecurITree-setup.exe 79,102,376 bytes
UNIX/Linux Install securitree.deb 70,068,412 bytes
Mac OS X Install SecurITree.zip 75,001,960 bytes

The integrity of Amenaza's SecurITree program can be confirmed in three ways. The first method uses the SHA-1 algorithm specified by NIST in FIPS 180-1 to compute a cryptographic hash or message digest of downloaded files.

SHA-1 Checksums:

TYPE FILENAME SHA-1 CHECKSUM
Windows Install SecurITree-setup.exe 40e0c3773b0f603f58d7e5144e06eeb54a4cf76b
UNIX/Linux Install securitree.deb f6ec58934f17575ba0819951911222cc1cd96491
Mac OS X Install SecurITree.zip 57617eaedf67f2ce72defdad217bfb175c6816e5

Programs to compute and verify SHA-1 hashes are widely available. This makes it convenient for verifying that tampering of files has not occurred.

SHA-256 Checksums:

TYPE FILENAME SHA-256 CHECKSUM
Windows Install SecurITree-setup.exe 8816c700eadd999a3c0bb11d4f8ec8a22ff8b46438273692542d0de2473fd146
UNIX/Linux Install securitree.deb 3c1f5676c7ef5e60cba1f1d8bb914e29a1b635988dd6a9bf28926fa8c28aaed6
Mac OS X Install SecurITree.zip ee71c48714a1b73ecd752ba4069636c20294a6d350dabe6933dba16c3cc7f67c

These methods are not a 100% guarantee of integrity. If Amenaza's web server has been compromised it is possible that the intruder may have introduced viruses, worms, Trojan Horses or other malware into the downloadable files and then posted matching SHA-1 message digests on the website! The next integrity verification mechanism described below is a stronger guarantee of file integrity and should be used if SecurITree will be used in a sensitive environment or if there is any suspicion that the downloaded code has been compromised.

The downloadable files have been digitally signed using Pretty Good Privacy (PGP) software and/or GNU Privacy Guard. This software is available commercially from https://www.pgp.com or as freeware from https://www.gnupg.org.

PGP Signature Files:

TYPE FILENAME PGP SIGNATURE FILES
Windows Install SecurITree-setup.exe SecurITree-setup.exe.asc
UNIX/Linux Install securitree.deb securitree.deb.asc
Mac OS X Install SecurITree.zip SecurITree.zip.asc

The public half of the Amenaza Software signing key pair can be obtained from the PGP keyserver (https://keyserver.pgp.com) using the PGP Key Management utility. Search for "Amenaza Technologies Limited Software Signing Key" or "support@amenaza.com". Note that this site cannot be queried using the LDAP utility built into most browsers.

Since the private half of the Amenaza Software signing key pair used to sign the files is not stored on the Amenaza web server it is NOT possible for an intruder to create a valid signature file even if they compromise the web server. It is, however, possible that the PGP key server may have had the Amenaza Software signing key replaced by a rogue key.

If you are operating in a sensitive environment we recommend that you contact Amenaza Technologies at 1-888-949-9797 (1-403-263-7737) to verify the signing key fingerprint in an 'Out of Band' manner.

Amenaza Software Signing Key Fingerprint:

AE31 1695 86F5 BF87 0384 5314 D4F9 ABC2 D654 5B79

OR

robust company backward Montana
necklace visitor slingshot liberty
acme Jupiter dwelling belowground
steamship Waterloo rhythm repellent
stockman equation erase inertia