CheckSums and Signatures

Cryptography Features for Verifying Internet Downloads

credit: https://unsplash.com/@chuttersnap

If you download large and potentially dangerous files off of the internet, you should become familiar with a couple “basic” cryptography features — the ‘checksum’ and the ‘signature’.

a checksum and signature next to download link. source: https://maven.apache.org/download.cgi

Both of these files are validation files that serve to ensure that the file you are downloading really is the file that you are intending to receive.

Checksum

The checksum is a digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors. It confirms that you have the exact same data that the sender intended, and both parties can see the checksum.

A checksum might look like this:

89ab8ece99292476447ef6a6800d9842bbb60787b9b8a45c103aa61d2f205a971d8c3ddfb8b03e514455b4173602bd015e82958c0b3ddc1728a57126f773c743

They are created by scanning through the binary data of the file in question. The current standard, SHA-512, works by scanning through each 1024 bit packet of an arbitrary-sized file to produce a single 512…