What is the difference between the "sig" files and the checksum files, such as on the PuTTY download page?

What is the functional difference between these file types?

  • Checksums ensure data integrity.
  • Digital signatures additionally ensure data authenticity.

When downloading a file, errors may occur during that process. Malware also could modify the downloaded file if you're machine is infected. The file's fingerprint (checksum) is there to tell you that the file is not altered.

An attacker may host a malicious version of PuTTY on his website and makes it available to download. Verifying the checksum in this case is useless: the only way for you to be sure that you did not download a malicious version of PuTYY is to check its signature(s).

Also, while I know how to check the checksums of the downloaded files, how can the sig files be used (on Windows)?

This is more a Super User question. You have there the same question as yours.


Checksums validate simple parity checks; they basically can tell you that two bits have flipped somewhere and the file is corrupt. They do not provide any cryptographic security, because the algorithms are designed only to detect accidental changes to a file.

The signatures, however, are based on PGP (Pretty Good Privacy). The algorithms work on a fairly standard cryptographic idea: there's two keys, a private key and a public key. You can determine that a private key is legitimate given the input file and the public key, but you have no way to determine what the private key was. In this way, we can prove authenticity. However, that's not good enough, because you'll notice the public keys and the signatures are both on the same site. PGP addresses this by establishing trust, which is done by having people from other places that trust them signing the original key with their keys.

That means that, if you're using PGP to verify PuTTY's authenticity, which many people who are serious about security are, a hacker can't forge an executable that would trustworthy without either (a) stealing the private key, which isn't stored on that server, or (b) hacking the server, replacing the files, checksums, signatures, and keys, and then stealing a significant number of private keys to establish trust for that one private key. Either scenario is basically impossible (or, at least, highly implausible); even if the single private key were stolen, the authors could simply revoke it, which would dissolve the entire chain of trust, etc, which they could then set up again without too much trouble.

RSA simply uses numbers too large to calculate in any reasonable amount of time; current estimates suggest that there's not enough entrophy in the universe to reverse-engineer a private key, so unless it's stolen, it's pretty secure. Coupled with the ability to establish trust, it's a way of achieving very high confidence that the files have not been maliciously tampered with.

You should be able to verify signatures using something like Gpg4win, which lets you verify signatures using the keys found on the PuTTY website. Also, see How does one verify the PGP RSA and/or DSA checksum signatures for PuTTY?.