0

Many files that are available for download (eg in github) come along with "asc" signature files attached, or with a sha256 file hash. Can someone please explain difference of PGP signatures vs file hashes?

My questions:

  • Is the purpose of both files (pgp/256hash) the same, to verify file authenticity/not manipulated?

  • When a downloaded file's hash/pgp does not match the hash/pgp provided by the responsible developer, does it mean that only you downloaded that corrupt file? Or does it mean that everyone who downloads that file receives the corrupt file version? What I am getting at: Can the download process be pre-programmed by an attacker which download gets the corrupt and which one the correct file?

  • Which method is technically better suited for what situation?

  • Any technical "flaws" you are aware of for either of both verification methods? Why use pgp, is file 256hash not enough to verify file integrity?
Anders
  • 64,406
  • 24
  • 178
  • 215
johnsmiththelird
  • 483
  • 7
  • 16

1 Answers1

1

If an attacker can manipulate the file you download, surely they can also manipulate the text file with SHA256 checksums. Unless they have access to the PGP key, they cannot create a valid PGP signature for any file or message, and so a signed message which contains the SHA256 checksums or a valid detached signature for a file is guaranteed to be written by a person who is in possession of the key and who vouches for the authenticity of the signed content.

A cryptographic signature is tied to the contents it signed as well as to the signing key, and will no longer be valid if the contents are changed.

When this happens, you can't know the reason off hand -- it could be that the file or message has been tampered with, or it could be an innocuous bit flip because you downloaded it over an unreliable connection. But in this scenario, you do know that the file's or messages integrity has been compromised, and can no longer be trusted.

Users who are not in possession of PGP or who don't want to spend the time on validating a signature can only get a much weaker integrity check, but making sure the SHA256 of a downloaded file is identical to what's communicated in a different place at least guarantees that both sources agree. This -- for many users, much cheaper -- guarantee is enough to validate that the download isn't corrupted, for example.

(You could argue that as long as some users check the signature, and will probably raise hell if it fails, this should be sufficient as a mechanism for "herd immunity"; but obviously, unless you have a good indicator that this is in fact the case, it is basically just speculation.)

tripleee
  • 222
  • 3
  • 10
  • excellent answer thx! btw-@anders, why are mods often editing out my "thank you", not appropriate to thank the community? Strange habit (I refer to the "thanks" in my question, not in this comment) – johnsmiththelird May 07 '20 at 11:30
  • Stack Exchange generally strives to improve the signal-to-noise ratio. Being polite is nice but unnecessary; we really want to focus on the actual content. – tripleee May 07 '20 at 11:36
  • hi @tripleee, Can you please hint me to the steps I need to verify a file's signature (without connecting to the Internet) on command line using GnuPG, when I have the three required files ready: 1 installation file (eg the .exe file) 2 the respective .asc signature file of that installer 3 the respective PGP public key number of the developer? (please commands for both windows+Linux) – johnsmiththelird May 07 '20 at 16:58
  • That seems like a separate question; two questions really if you want it for two OSes. I definitely can't help you with Windows, other than recommend you choose a better platform. – tripleee May 08 '20 at 04:45