Verify the Integrity of your Software Download V5.2 Build 011

TYPE	FILENAME	FILE SIZE
Windows Install	SecurITree-setup.exe	88,196,456 bytes
UNIX/Linux Install	securitree.deb	78,309,484 bytes
Mac OS X Install	SecurITree.pkg	84,851,055 bytes

The integrity of Amenaza's SecurITree program can be confirmed in three ways. The first method uses the SHA-1 algorithm specified by NIST in FIPS 180-1 to compute a cryptographic hash or message digest of downloaded files.

SHA-1 Checksums:

TYPE	FILENAME	SHA-1 CHECKSUM
Windows Install	SecurITree-setup.exe	9d023956aeeaca33268526c777055945718d46d2
UNIX/Linux Install	securitree.deb	0f3ea805e82fce8acf78abf28d61adfe1321e12f
Mac OS X Install	SecurITree.pkg	32eacdc2903a8f441976ebd003a706e061557aac

Programs to compute and verify SHA-1 hashes are widely available. This makes it convenient for verifying that tampering of files has not occurred.

SHA-256 Checksums:

TYPE	FILENAME	SHA-256 CHECKSUM
Windows Install	SecurITree-setup.exe	8c6e5406139113cebe35029b250a7ec7dd4fac047d8f7f763c9b61b7fa09cf8a
UNIX/Linux Install	securitree.deb	902a60d7e3959741059675975dc8455b39e629a1c26a3ecb5d4c206daddc5462
Mac OS X Install	SecurITree.pkg	37502198594a91736c332a0e76a5ffb1ce00a2b6cacf851cf8c60a5a36ee0002

These methods are not a 100% guarantee of integrity. If Amenaza's web server has been compromised it is possible that the intruder may have introduced viruses, worms, Trojan Horses or other malware into the downloadable files and then posted matching SHA-1 message digests on the website! The next integrity verification mechanism described below is a stronger guarantee of file integrity and should be used if SecurITree will be used in a sensitive environment or if there is any suspicion that the downloaded code has been compromised.

The downloadable files have been digitally signed using Pretty Good Privacy (PGP) software and/or GNU Privacy Guard. This software is available commercially from https://www.pgp.com or as freeware from https://www.gnupg.org.

PGP Signature Files:

TYPE	FILENAME	PGP SIGNATURE FILES
Windows Install	SecurITree-setup.exe	SecurITree-setup.exe.asc
UNIX/Linux Install	securitree.deb	securitree.deb.asc
Mac OS X Install	SecurITree.pkg	SecurITree.pkg.asc

The public half of the Amenaza Software signing key pair can be obtained from the PGP keyserver (https://keyserver.pgp.com) using the PGP Key Management utility. Search for "Amenaza Technologies Limited Software Signing Key" or "support@amenaza.com". Note that this site cannot be queried using the LDAP utility built into most browsers.

Since the private half of the Amenaza Software signing key pair used to sign the files is not stored on the Amenaza web server it is NOT possible for an intruder to create a valid signature file even if they compromise the web server. It is, however, possible that the PGP key server may have had the Amenaza Software signing key replaced by a rogue key.

If you are operating in a sensitive environment we recommend that you contact Amenaza Technologies at 1-888-949-9797 (1-403-263-7737) to verify the signing key fingerprint in an 'Out of Band' manner.

Amenaza Software Signing Key Fingerprint:

AE31 1695 86F5 BF87 0384 5314 D4F9 ABC2 D654 5B79

robust	company	backward	Montana
necklace	visitor	slingshot	liberty
acme	Jupiter	dwelling	belowground
steamship	Waterloo	rhythm	repellent
stockman	equation	erase	inertia

License Manager Files:

Windows:

File Name	SecurITreeLicenseManager.exe
File Size	52,692,320 bytes
SHA-1 Checksum	d48e03e21e68ac96030c14ddd069cdc77f82e22e
SHA-256 Checksum	6e5496014660ee16507444f2768bb658b740d05aed89a9bf139e45c1bacd90f0
PGP Signature	SecurITreeLicenseManager.exe.asc

Unix:

File Name	amenazalicmgr_v5.deb
File Size	48,057,496 bytes
SHA-1 Checksum	c11bf083b4753a810a5da3335f6210d606b74bfe
SHA-256 Checksum	7002fc95cda52aad1cfb359bb13907ff7111523bb28759a7245d0f27f48da001
PGP Signature	amenazalicmgr_v5.deb.asc