The verification methods described below apply exclusively to our own installers!
Those are built using install4j and are digitally signed to ensure they have not been altered by third parties.
To ensure that the software you downloaded is authentic and has not been tampered with, we recommend verifying its Digital Signature.
A digital signature confirms the identity of the software publisher and ensures the file’s integrity.
Please note that our installer files are hosted on and linked via mega.nz. This has been our standard practice for many years.
Always ensure you are redirecting from our official website to the correct repository before downloading.
You can easily verify the signature of both Windows (.exe) and macOS (.dmg, .pkg) installers without installing additional software:
Upload the File: Go to www.virustotal.com and upload your installer file.
Open the Details Tab: Once the scan is complete, click on the "Details" tab at the top of the results page.
Check the "Signature Info" Section: Scroll down until you find the section labeled "Signature Info" (for Windows) or "File Signature" (for macOS).
Verified Status: You should see a status like "Signed" or "Valid".
Signers/Authority: Look at the "Signers" field. It should clearly list the name of our organization: AppWork GmbH.
Important: If VirusTotal reports the file as "Unsigned" or the signer's name does not match our organization, do not run the installer and contact our support team immediately.
The signature should clearly list our organization. Depending on the version of the software you are installing, the certificate may vary.
Please compare the Signer and Thumbprint with the list below:
Please note: The following list provides the most common certificates used for our installers. While we strive for accuracy, this list may not be exhaustive, particularly regarding older legacy versions or historical certificates.
Windows (.exe)
| Status | Name | Issuer | Valid From / To | Serial | Thumbprint |
| Current | Appwork GmbH | GlobalSign |
02:36 PM 10/22/2026 02:36 PM 07/26/2023 |
6C 96 BF A2 6C 9F 9D 8E 84 38 26 31 |
78C97D5FDE66893DDEF99033372A76D0D1B84C7D |
| Previous | Appwork GmbH | GlobalSign |
01:49 PM 10/13/2023 01:58 PM 04/21/2021 |
35 98 95 82 3C 34 08 0D C0 7D C7 D4 |
2EAA8DE0BE4828964D6D922224A7A265D0A96369 |
| Previous | AppWork GmbH | GlobalSign |
01:49 PM 10/13/2023 01:49 PM 07/13/2020 |
1B C4 59 B0 42 5B 1D 82 B6 1C 99 62 |
94F54C365C8A60A0A0057D47944FBA5E8B1AD9FA |
macOS (.dmg, .pkg)
| Status | Name | Developer ID | Issuer | Valid From / To | Serial | Thumbprint |
| Current | Appwork GmbH | F9XJE9HP83 | Apple Inc. |
10:12 PM 02/01/2027 10:10 AM 01/11/2024 |
33 F4 BE 81 52 42 C2 CC | AD1CA0CCF62758A8A464FB50D60C8FFCEF5C44B1 |
| Previous | AppWork GmbH | F9XJE9HP83 | Apple Inc. |
12:51 PM 09/15/2023 12:51 PM 09/14/2018 |
71 C1 55 73 D9 E5 AB AD | FFE38D8D8D9D6E3B1685201F3E0390748B06105F |
If you prefer not to upload the file, you can also check the signature directly on your computer:
You can verify the digital signature locally on Windows using either the graphical interface or the command line:
Method 1: Using Windows PowerShell (Recommended for detailed view)
Open PowerShell.
Run the following command (replace path\to\installer.exe with the actual path to your downloaded file):
Get-AuthenticodeSignature "path\to\installer.exe" | Format-List
Look at the output fields:
Status: Should say Valid.
SignerCertificate: Should list our organization name (e.g., CN=[Appwork GmbH]), along with the corresponding Serial Number and Thumbprint (which you can cross-reference with our Verified Signer Information table below).
Method 2: Using File Properties Right-click the .exe file → Properties → Digital Signatures tab. Select the signature entry from the list and click Details to view the certificate issuer and status.
Since the macOS Finder does not show signature details via right-click, you can use the Terminal to view the full certificate chain, including the organization name and fingerprints:
Method 1: Using the Terminal (Detailed View)
Open Terminal.
Type the following command to check the general assessment (include a space at the end):
spctl -a -vv -t install
Drag and drop the .dmg file into the Terminal window and press Enter. It should output accepted and show our source and origin.
Method 2: Basic Verification
Open Terminal.
Type codesign -dv --verbose=4 (with a space at the end), drag your .dmg file into the window, and press Enter.
Look for the Authority lines to confirm the publisher name.
Our Linux installers (.sh) and the generic Java archive (JDownloader.jar) are officially secured using GPG (GNU Privacy Guard) signatures. Each release is accompanied by a detached signature file (.asc), allowing you to verify that the files are genuine and have not been modified.
Our official Public Key credentials are:
Key URL: https://installer.jdownloader.org/jd_release_signing_key.asc
Key Hash / Fingerprint: 2B80 5711 032D 5A5C B500 74C5 10C6 265C EFB6 457E
You can verify the files using one of the following methods:
Method 1: Automatic Key Retrieval (Recommended) If your GPG environment is connected to a keyserver, it can automatically fetch our public key using the unique Key ID embedded in the signature file:
Open your Terminal.
Run the verification command by pointing to both the signature file and the actual installer:
gpg --keyserver hkps://keys.openpgp.org --recv-keys 2B805711032D5A5CB50074C510C6265CEFB6457E
gpg --verify path/to/installer.sh.asc path/to/installer.sh
Look for a message stating: Good signature from "JDownloader Release Signing Key".
Method 2: Manual Key Import If you prefer to download our public key directly from our infrastructure:
Download and import our official public key:
curl -s https://installer.jdownloader.org/jd_release_signing_key.asc | gpg --import
Verify the downloaded installer file against its signature:
gpg --verify path/to/JDownloader.jar.asc path/to/JDownloader.jar
Check the output fields:
Result: It must explicitly say Good signature.
Fingerprint: Ensure the displayed fingerprint matches exactly: 2B80 5711 032D 5A5C B500 74C5 10C6 265C EFB6 457E.