
From this question: Digitally sign a hash value of a file directly instead of file

I wonder: is there any security risk or integrity problem when signing a hash value instead of a file?

  • A very, very small one, as long as you use a secure hashing function. (If you use MD5 there's a very very big risk, since you can force hash collisions.) – towr Jan 20 '14 at 06:59
  • Thanks for your answer. Can you explain this in more details? – hienbt88 Jan 20 '14 at 07:04
  • From where do you get those hash values? If you get them from some remote client, a risk may be that the hashes on their way to your signing component might have been exchanged for other ones and you actually create signatures for some documents you don't intend to sign. If your signing component only accepts documents, you can at least store the documents and spot-check whether the documents are the correct ones. This can be an audit issue. BTW, this question may better be asked on http://security.stackexchange.com/ – mkl Jan 20 '14 at 08:37
  • Having read @LarryK's answer, I started wondering whether I understood your question correctly. You are aware that signing always includes some initial hash calculation? I assumed you are; my comment, therefore, focused on the same problem as [@Eugene's answer](http://stackoverflow.com/a/18721049/1729265) to the question you referred to. Larry's answer here and towr's comment seem to have understood you differently, though. – mkl Jan 21 '14 at 08:16

1 Answer


The US National and International standards for digitally signing documents (PDF, Word, Excel) and data sign hash values that represent the original documents/data.

So you'll be in good company.

The various national and international standards bodies periodically issue new standards and regulations to ensure that the hashing functions are secure.

For example, in 2011, the US National Institute of Standards issued a regulation (see page 6) that states:

After December 31, 2013, key lengths providing less than 112 bits of security strength shall not be used to generate digital signatures.

(Emphasis is in the original.) This regulation applies to the US Government, but it is also common for non-government organizations/companies to follow it as an example of best practice.

What it means in practice is don't use SHA-1. Instead, use the SHA-2 family of hashing functions.
