The MD5 Message Digest Algorithm is an algorithm invented by Professor Ronald L. Rivest of MIT. One of the features is taking a sequence of bytes in a disk file and produce a "digital signature", or what can be sometimes called a "digest" or "hash". This algorithm is designed so that the probability of any two files having the same digital signature is practically zero, so if a file is changed even by one byte then the digital signature will also change.
In 2007, CDE Software began implementing MD5 digital signature with files uploaded to our website. This signature is taken as soon as an installer is created by our build machines. During the upload process, the signature will be provided in the on our product download details page.
What does that mean for you?
There are several DOS and Windows based utilities that can be used to verify the MD5 file signature of the installer. One of the easiest applications to use is a free application called digestIT 2004 from Colony West Software. digestIT 2004 comes in 32 bit and 64 bit versions and is compatible with Windows 2000, XP, 2003, Vista and Windows 7. Visit their website at http://tinyurl.com/lseb3e to download digestIT 2004.
After downloading and installing digestIT 2004, do the following:
CDE Software continues to use digital certificates to digitally sign the applications, DLL's and installers as it has done for several years. This digital signature provides the highest level of assurance in terms of verification that the files are coming directly from CDE Software by a machine that has been authenticated by one of the most recognized certifying agencies.
Installers, applications and DLL's are digitally "shrink-wrapped" for code and content to protect our end users when software is downloaded from the Internet. The digital signatures authenticate the source as well as the integrity of content.
To verify that the installer or application from CDE is digitally signed, right-click on file and select Properties. Select the tab labeled Digital Signature. CDE Software should be listed as one of the certificates attached to that file. If the tab is missing or CDE is not listed, then the application has not been digitally signed.