4

Many websites including OpenSSL's website provide downloads along with MD5/SHA1 checksums sometimes in addition to PGP signatures for the files.

Simply put, do PGP signatures provide file integrity verification in addition to file identity verification? I would assume so. If I've verified a file's PGP signature, are the MD5 and SHA1 sums of the file more or less irrelevant, as I've already verified integrity?

If this is true, do PGP signatures provide better file integrity verification than other hash methods?

Naftuli Kay
  • 6,745
  • 9
  • 47
  • 76

4 Answers4

5

Signatures and Fingerprints

Simply put, do PGP signatures provide file integrity verification in addition to file identity verification?

Yes, they do: but without further investigation, they only verify whether a given key was used to sign; not whom it belongs to (read on below)!

If I've verified a file's PGP signature, are the MD5 and SHA1 sums of the file more or less irrelevant, as I've already verified integrity?

Yes, unless you haven't been able to verify the ownership of the key, but the other person provided you with the correct fingerprints in a secure channel (by meeting, (video) phone call, ...).

If I've verified a file's PGP signature, are the MD5 and SHA1 sums of the file more or less irrelevant, as I've already verified integrity?

In fact, OpenPGP also uses hashing algorithms like these (whereas it hopefully shouldn't use MD5 any more, which is considered too weak our days). But digital signing adds information on who signed the software (if verified correctly).

Verifying Key Ownership

Unless you directly signed the software issuer's key, all you know is somebody signed the software. There is no primary certificate authority in OpenPGP, everybody can add a key with arbitrary names, it is up to you to decide which to put trust in. This is usually done by meeting and exchanging the key's fingerprints, but depending on your level of paranoia you might be fine with verifying the key fingerprint against some they put on their website (which then should be transmitted SSL-encrypted together with a reasonable certificate, of course).

Then, there is the concept of the web of trust, which allows to build trust paths from you to the issuer without meeting him directly, by trusting others in-between that together form a chain of certifications (this can actually be compared to the intermediate certificate authorities of X.509). A very short explanation can be found in this answer: What is the exact meaning of this gpg output regarding trust?.

Jens Erat
  • 23,816
  • 12
  • 75
  • 96
2

By definition, signatures provide integrity. In fact, imagine a system with a signature such that you get some "identity verification" but not integrity: this would mean that when you receive a signed email from Bob, you are sure that Bob was involved, but not that what you received is really what Bob sent; such a system would only guarantee that Bob exists, but would say nothing about the email you actually received. Such a system would be quite useless, and not worthy of being called a "signature".

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
1

Yes, a digital signature verifies that the data is the same; the sign function always combines the signer's private key and the file's contents (or almost always their hash, to keep the signature small).

(Imagine for a moment that it didn't do that. It would mean you could take a signature of someone's file A and stick it on your own file B. What exactly would the signature mean, then? If it still remained valid regardless of the data it was signing... what purpose would signing serve at all?)

user1686
  • 1,071
  • 8
  • 17
0

The main trade off is in the time to calculate and applications/libraries.

A hashing algorithm should return the same output for any given input. A hashing algorithm is a one-way function, and SHA1/MD5 are "fast hashes" which are commonly used for calculating file integrity.

If you use an encryption function, the same output should be the same for any given input. An encryption function may be slower because it is more costly to calculate. Digital signature are a use of encryption for providing integrity as well as authenticity.

When considering one versus the other, you should consider the speed and availability of the tool the user will need (why not provide both). You should also consider the likelihood of collisions for similar data. Getting authenticity and integrity in one go can be weighed against speed and wider availability.

On GnuPG's website the provides guidance for verifying your download of GnuPG with both SHA1 and GnuPG

Eric G
  • 9,701
  • 4
  • 31
  • 59