Hashing and Digital Signatures
Integrity, authenticity and trustworthy digital evidence
Detecting change and verifying the origin of digital information
Cybersecurity Foundations Training Series
Learning objectives
Describe the properties and limitations of cryptographic hash functions.
Use trusted digests to explain file-integrity checking.
Explain how digital signatures support integrity and authenticity.
Recognise insecure legacy hashes and current alternatives.
| A valid digital signature is strong technical evidence, but its meaning depends on certificate trust, identity proofing, private-key protection and the process surrounding the signature. |
|---|
Hashing
A cryptographic hash function accepts input of any practical length and produces a fixed-length digest. The digest acts as a compact fingerprint of the input.
A secure hash function is designed to make it infeasible to recover the original input from the digest, find an input that matches a chosen digest, or find two different inputs that produce the same digest. The last condition is called collision resistance.
Hashing is not encryption. It does not use a decryption key and is not intended to be reversed.
Integrity checking with hashes
A publisher calculates the digest of a file and distributes the expected value through a trusted channel. A recipient downloads the file, calculates a new digest and compares the two values.
A mismatch shows that the file differs from the expected version. A match supports integrity, but only when the expected digest is trusted. If an attacker controls both the file and the website displaying the digest, the attacker might replace both.
A keyed message authentication code, such as HMAC, adds a shared secret and supports integrity and source authentication between parties that share the key. A digital signature uses public-key cryptography and allows broad verification without sharing the signer’s private key.
Figure 1. Hash comparison supports integrity only when the expected digest comes from a trusted source.
Password hashing
Systems should not store passwords as plaintext or with a fast general-purpose hash alone. Password storage requires a dedicated password-hashing scheme with a unique salt and a suitable cost factor so each guess becomes expensive for an attacker.
Access to password-verifier data must remain restricted, and the organisation should update cost settings as computing capabilities change.
Digital signatures
A digital signature supports verification of integrity and origin. The signer calculates a digest and applies a signature algorithm using the private key. The signature and document are then distributed.
The verifier uses the signer’s public key and the relevant algorithm to verify the signature against the received document. A valid result indicates that the signed content has not changed and that the signature was created with the corresponding private key, subject to trust in the public-key binding and protection of the private key.
Digital signatures do not provide confidentiality. Anyone with access to an unencrypted signed document can read it. When confidentiality is required, the document or transport channel needs separate encryption.
Figure 2. A digital signature signs with a private key and verifies with a public key.
Trust and certificates
Verification is meaningful only when the verifier trusts that the public key belongs to the claimed signer. Certificates and public key infrastructure help establish this binding.
A complete validation process might check certificate chain, expiry, revocation status, permitted key usage, signature algorithm and trusted timestamp information. A mathematically valid signature is not enough when the certificate is untrusted or the private key was compromised.
Hash algorithm choices
MD5 produces a 128-bit digest and has practical collision weaknesses. It should not be used where collision resistance or modern security assurance is required.
SHA-1 also has demonstrated collision weaknesses and should not be selected for new security designs.
The SHA-2 family includes SHA-224, SHA-256, SHA-384 and SHA-512. SHA-3 provides a separate standardised family based on a different construction. Approved use depends on the application, protocol and current organisational or regulatory requirements.
What a valid signature supports
| Security property | What the signature supports | Important limitation |
|---|---|---|
| Integrity | The signed content has not changed since signing | Only the signed bytes are covered; later additions might not be protected |
| Authenticity | The signer controlled the relevant private key | Public-key ownership and certificate trust must be validated |
| Accountability / non-repudiation objective | Evidence can link the signing action to the credential holder | Legal effect depends on identity proofing, key control, process and applicable law |
| Confidentiality | Not provided by the signature | Use encryption separately |
Quick knowledge check
1. Which statement about cryptographic hashing is correct?
A. It is designed to be reversed with a key
B. It produces a fixed-length digest for the selected algorithm
C. It always encrypts the input
D. It provides confidentiality by itself
2. What is a hash collision?
A. Two different inputs produce the same digest
B. A digest is too long
C. A key expires
D. A certificate is revoked
3. Why might a digest on the same compromised website as a download be insufficient?
A. The attacker might replace both the file and digest
B. The digest blocks availability
C. SHA-256 is reversible
D. The digest automatically signs the file
4. Does a digital signature hide the contents of a document?
A. Yes, in every case
B. Only when the public key is secret
C. No, confidentiality requires separate encryption
D. Only for SHA-3
Standards and framework alignment
This lesson uses the following frameworks as complementary references. NIST provides risk and control guidance, ISO/IEC 27001 defines requirements for an information security management system, ISO 22301 addresses business continuity, and SOC 2 evaluates service-organisation controls against the AICPA Trust Services Criteria.
| Reference framework | How it supports this lesson |
|---|---|
| NIST FIPS 180-4, FIPS 202 and FIPS 186-5 | These publications define approved secure hash and digital-signature standards used to protect integrity and verify signatures. |
| ISO/IEC 27001:2022 | Integrity verification, cryptographic controls, secure development, logging and certificate management support trustworthy information and systems. |
| ISO 22301:2019 | Recovery data, plans and communications need integrity checks so the organisation does not restore corrupted or unauthorised information. |
| SOC 2 Trust Services Criteria | Processing Integrity and Security rely on controls that detect unauthorised or incorrect changes and support complete, valid, accurate and timely processing. |
References and further reading
1. NIST Cybersecurity Framework (CSF) 2.0, NIST CSWP 29, 2024. https://doi.org/10.6028/NIST.CSWP.29
2. ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems — Requirements. https://www.iso.org/standard/27001
3. ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements. https://www.iso.org/standard/75106.html
4. AICPA, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy, Revised Points of Focus 2022. https://www.aicpa-cima.com/resources/download/2017-trust-services-criteria-with-revised-points-of-focus-2022
5. NIST FIPS 180-4, Secure Hash Standard. https://csrc.nist.gov/pubs/fips/180-4/upd1/final
6. NIST FIPS 202, SHA-3 Standard. https://csrc.nist.gov/pubs/fips/202/final
7. NIST FIPS 186-5, Digital Signature Standard. https://csrc.nist.gov/pubs/fips/186-5/final
8. NIST SP 800-63B-4, Authentication and Authenticator Management. https://csrc.nist.gov/pubs/sp/800/63/b/4/final