[Derrick Adams]

While encryption guards confidentiality, integrity comes from math that lets us detect even prove whether data was changed. The starting point is hashing. A hash creates a one-way fingerprint of a file, record, or log entry. If a single bit changes, the fingerprint changes, so teams can verify backups, check system files, and spot tampering in logs. When a secret key is added to the hash, we get an HMAC. That small step lets applications and APIs confirm that a message really came from someone who knows the key and that it was not altered in transit.
Public-key cryptography extends this idea with digital signatures. A sender signs the hash of a document with a private key; anyone can verify it with the public key. Signatures provide integrity and non-repudiation for software updates, contracts, email, and archived logs. Certificates and TLS then bind keys to identities so integrity checks can be trusted across the network. At the platform level, secure boot and code signing verify firmware and operating system components before they run. All of this depends on sound key management—protecting keys, rotating them, and separating duties—and on storing passwords as salted, stretched hashes. Together, these practices make it clear when data or software has been changed and help prove which version is authentic.