
Summary functions and digital signatures

24 May, 2021

Hash or summary functions are algorithms that take an input (a text, a password or a file, for example) and produce an alphanumeric output, normally of fixed length, that represents a summary of all the information given (that is, from the input data they create a string that can only be recreated with the same data).

These functions do not have the same purpose as symmetric and asymmetric cryptography. They have several tasks, among them ensuring that a file has not been modified in transmission, making a password unreadable, or digitally signing a document.

Hash characteristics

In short, hash functions are responsible for compactly representing a file or data set that is normally larger than the hash regardless of the purpose of its use.

This cryptography system uses algorithms that ensure that from the response (the hash) it will never be possible to know what the input data was, which makes it a one-way function. Knowing that a summary can be generated from any data, we can ask whether these summaries (hashes) could repeat. The answer is that theoretically yes, there could be collisions, since it is not easy to have a perfect hash function (one that ensures the output is never repeated). But this is not a problem, since if two identical hashes were obtained (with a good algorithm), the contents would be totally different.

Examples and ways of use

Hash functions are widely used. One of their uses is to protect the confidentiality of a password, since the hash could be stored in plain text and be accessible to anyone, and the password still could not be deduced from it. In this case, to know whether a password stored, for example, in a database is the same as the one we have entered, the hash is not decrypted (since it should be impossible to do so). Instead, the same summary function is applied to the password we enter and the result is compared with the one we have saved (as is done with passwords on Linux systems).

Let's take an example: MD5 is one of these summary functions, and we will use it to summarize the following text:

Genbeta Dev

And I will apply the summary function with the specific command that most Linux-based systems have (md5sum):

pedro@ubuntu:~$ md5sum
Genbeta Dev
b71dada304875838f0263e3ae50c2c49  -

The last line is the hash, which you can check in a terminal, in an online tool or with an application made for this purpose. It can also be computed in the many programming languages that implement it (not only this function, but also others like SHA, which can produce outputs of different lengths).

Ensure the integrity of the information

Another use of these functions is to guarantee the integrity of data. It is something you will have seen many times, for example on websites that offer downloads of large files such as software and publish the summary of the file together with the function used.

For example, on the VirtualBox download page we can find a page with all the summaries of the available downloads, with which we can verify that the file has been downloaded correctly and that no one has modified its content during transmission.

To put this use into practice, I will take this HTML5 image and apply a summary function to it with the MD5 algorithm.

(Image: the example we will use to compute the hash with the MD5 algorithm)

The result of the summary is the following, again using the command present on Linux systems (md5sum).

pedro@ubuntu:~$ md5sum HTML5.png 
cc617bf6a1ec75373af6696873fccef1  HTML5.png

This is the method for knowing that a document is complete after it has been received. That is why it is used to verify that a file has been downloaded correctly, or that data such as a small text remains the same after it has been sent.
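The download check described in this section, as an added example that is not code from the original article: it parses a published checksum list in the `digest  filename` layout that md5sum prints above and verifies a file against it. It uses SHA-256 by default, since practical collisions are known for MD5; the function names and the sample file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Hash a file in 64 KiB chunks so large downloads never sit fully in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text: str) -> dict:
    """Parse 'digest  name' lines (the md5sum/sha256sum layout) into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        digest, sep, name = line.strip().partition(" ")
        if sep and name:
            entries[name.lstrip(" *")] = digest.lower()  # '*' marks binary mode
    return entries


def verify_download(path: str, checksum_list: str, algorithm: str = "sha256") -> bool:
    """True only if the file is listed and its digest matches the published one."""
    expected = parse_checksum_list(checksum_list).get(os.path.basename(path))
    if expected is None:
        return False  # an unlisted file is unverified, not "fine"
    return hmac.compare_digest(file_digest(path, algorithm).encode(), expected.encode())


def demo() -> tuple:
    """Constructed sample: publish a list for a file, then alter one byte of the file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "HTML5.png")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample bytes, not a real image")
        published = f"{file_digest(path)}  HTML5.png\n"
        intact = verify_download(path, published)
        with open(path, "ab") as fh:
            fh.write(b"!")  # simulate corruption or modification in transit
        return intact, verify_download(path, published)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The check only proves the file matches the list, so the list itself has to come from a source you trust, such as the vendor's HTTPS page.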

Digital signature

Signing a document is nothing new, but a digital signature goes a little further and helps us verify the identity of the sender of a message (so we can be sure that it is our boss who sends us a specific file and not the neighbor playing a joke).

The simplest method of digital signature is to create a hash of the information sent and encrypt it with our private key (from our asymmetric cryptography key pair) so that anyone with our public key can see the real hash and verify that the content of the file is the one that we have sent.
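The hash-then-sign scheme just described, as an added example that is not part of the original article: it assumes RSA as the asymmetric algorithm and builds a teaching key from two publicly known Mersenne primes, so the key and the names `sign`, `verify` and `digest_as_int` are illustrative only. It is unpadded textbook RSA, kept bare to make the mechanism visible; real tools use secret random keys and standardized signature formats.

```python
import hashlib

# Teaching key only: P and Q are publicly known Mersenne primes, so this key is
# trivially factorable. Real keys use secret, randomly generated primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_as_int(data: bytes) -> int:
    """SHA-256 summary of the data, read as an integer (256 bits, smaller than N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Signer: transform the hash with the private exponent D."""
    return pow(digest_as_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Verifier: recover the hash with the public key (E, N) and compare it
    with a hash computed locally over the data that was received."""
    return pow(signature, E, N) == digest_as_int(data)


if __name__ == "__main__":
    message = b"Genbeta Dev"  # constructed sample input
    sig = sign(message)
    print(verify(message, sig))           # original content
    print(verify(b"Genbeta Dev!", sig))   # content changed after signing
    print(verify(message, sig + 1))       # signature altered
```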

I'm going to skip ahead to the next chapter on crypto and talk a little bit about GnuPG (GPG), an encryption tool that allows us to sign documents. In this case I will do it with a signature in plain text (it is a less safe system, but we'll see what it does).

What I am going to do is sign the image that we have used before (the one of HTML5) with the following command in a Linux terminal (for other platforms there are other very similar or even identical solutions):

pedro@ubuntu:~$ gpg --clearsign HTML5.png 
Necesita una frase contraseña para desbloquear la clave secreta
del usuario: "Pedro Gutiérrez Puente (Clave pública) <info@xitrus.es>"
clave DSA de 3072 bits, ID 783F3E6D, creada el 2012-12-11

This automatically generates the file HTML5.png.asc from the file HTML5.png. If we open it with a text viewer we see the content of the image (a set of nonsense characters) and, at the end of the file, the following text (which contains the encrypted hash):

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlD0vH0ACgkQJQ5Gcng/Pm1gDgD+PnXZfni9n90duv2ir0hdnWdp
1bpBHGzCNWxN8q5I8CoA/RsdMeMxY9kwOx/y8jnxQYDjWFiBRThiE7GSxTtvXUPf
=PwS6
-----END PGP SIGNATURE-----

Summary

Along with this article on hashes we have the one about the types of cryptography (symmetric and asymmetric). Together they are the basis for understanding the next and last article in the series on cryptography, where we will put these concepts into practice with GPG.

In Genbeta Dev | Cryptography