Skip to main content
  • Products
  • Evaluate our Software
  • Downloads
  • Free Utilities
  • Purchase
  • Support
  • About Us
  • Blog
  • Forum
  • Search
    • Contact Us
    • Forum
    • Wiki
    • Web Shop
    • Newsletter
    • RSS
  •   Jobs
  •   Videos
  •   Blog
  •   Sustainability
  • emSecure
  • Sign&Verify
  • Technology
  • Variations
  • Tools
emSecure Product Icon SEGGER (Blue)

emSecure - Signed Downloads

SEGGER provides digital signatures for all files that are available for download in SEGGER's Download area.
All SEGGER downloads have been signed with SEGGER's emSecure Sign & Verify!

  1. 1.What is the digital signature of the file?
  2. 2.How can downloads be verified?
  3. 3.How are the signatures generated?

Signed downloads are a must-have to provide more security to users. Modifications of data during sending - be it through a virus, a trojan or any willful manipulation - will no longer go unnoticed. SEGGER's emSecure Sign & Verify can make sure that data stored to and recalled from a server is unchanged.

What is the digital signature of the file?

The digital signature is generated with a private key by SEGGER. It is intended to assure that the software comes from SEGGER and has not been modified by anyone. Even in case the SEGGER webpage would be hacked, the attacker could not generate valid signatures for files.

How can downloads be verified?

Your downloaded files can be verified in a few steps:

  • Get a free copy of emSecure Sign & Verify tool which comes with SEGGER's public key to verify SEGGER downloads.
  • Get the signature file "*.sig" which is provided next to each download button at https://www.segger.com/downloads/.
  • Place the signature file into the same directory as your download.
  • Once you have downloaded a file and the appropriate signature to your PC, drag the download or the signature file onto Sign & Verify.

Sign & Verify will try to verify the file by its signature with the public key files residing in the Sign & Verify directory. The green flashing window, as shown in the screenshot, will show that the downloaded file is authentic and has not been modified. If the file or the signature would have been modified, either on the web server, while downloading it, or on the local computer, Sign & Verify would not be able to verify the file and flashes red.

To be sure that Sign & Verify and SEGGER's public key have not been modified and that you get a genuine version, you may also contact info@segger.com and request to get Sign & Verify via e-mail.

 

emsecure sign verify file verfied

How are the signatures generated?

The signatures are generated at SEGGER by a server running in the local network. This server is a "deeply embedded system", a microcontroller running SEGGER's software: embOS, emNet and emSecure. The private keys are stored inside the microcontroller and can not be read out.

This is a big difference to traditional hashes, such as MD5. Here an attacker who would compromise the website, gaining the ability to exchange file for download, could present them with a valid MD5 checksum as well.

Unlike Windows or Linux systems, the microcontroller running SEGGER software does not have vulnerabilities that allow attacking and compromising the server, which means the keys are safe. There is no copy of the private keys anywhere in the SEGGER network, only a paper copy of the keys exist in a safe, so even in the unlikely case of the company's network becoming compromised, the keys would still be safe.

More Information

Purchase

  • Pricing

Technology

  • Security Consideration
  • About Crypto

Variations

  • emSecure-RSA
  • emSecure-ECDSA

Tools

  • Sign&Verify

About us

  • The Company
  • Partners
  • Job Offers
  • Media
  • Contact us

Support

  • Technical Support
  • Blog
  • Forum
  • Wiki

Downloads

  • Application Notes
  • Embedded Studio
  • embOS
  • emCompress
  • emCrypt
  • emFile
  • emLib
  • emLoad
  • emModbus
  • emNet
  • emPower
  • emSecure
  • emSSH
  • emSSL
  • emUSB-Device
  • emUSB-Host
  • emVNC
  • emWin
  • Flasher
  • Free Utilities
  • IoT
  • J-Link / J-Trace
  • Linux Studio
  • SystemView
  • CE / REACH

Social Media

Headquarters

SEGGER Microcontroller GmbH

Ecolab-Allee 5
40789 Monheim am Rhein, Germany
info@segger.com
Tel.: +49-2173-99312-0
Fax: +49-2173-99312-28

Locations

USA: SEGGER Microcontroller Systems LLC

Boston area
101 Suffolk Lane
Gardner, MA 01440, USA
us-east@segger.com
Tel.: +1-978-874-0299
Fax: +1-978-874-0599

Silicon Valley
Milpitas, CA 95035, USA
us-west@segger.com
Tel.: +1-408-767-4068

China: SEGGER Microcontroller China Co., Ltd.

Room 218, Block A, Dahongqiaoguoji
No. 133 Xiulian Road
Minhang District, Shanghai 201199, China
china@segger.com
Tel.: +86-133-619-907-60

ISO 9001 certified

ISO 9001

30+ years of experience

First-class embedded software tools since 1992
  • Imprint
  • Disclaimer
  • Privacy Policy

© 2023 SEGGER - All rights reserved.