Page Verification / Hashing

Hi Everyone;

I’m writing a documentation site using HUGO for my open-source project. Is it at all possible to build in a hashing system? For example, there could be a page at example.com/getting-started and its MD5 hash could be located at example.com/getting-started.md5. Ideally, these hashes would be made automatically when the site is rendered but I’m not sure if that’s possible.

A group of my clients originally suggested using PGP to sign the HTML documents, but my understanding of PGP is that it’s an encryption system; an encrypted page is NOT my goal here, just a system to verify with some degree of reliability that a document is genuine.

Any help would be appreciated. Thank you.

For the hash to be of any value, it would have to be generated after the entire page (not just the content) has been fully rendered and (optionally) minified.

There is no way to do this with Hugo.

In that case, would it be possible to use the built-in MD5 function to take a hash of the .Content value and just surround it with HTML comments? If one of my clients wants to verify the page that badly, they can take the chunk of HTML from the page source and compare it to the hash displayed somewhere else on the page, like the footer.

It’s not an entirely practical solution, but realistically the header, footer and metadata don’t really need to be hashed, do they? For a static website protected by SSL on a server that doesn’t even have PHP or SQL installed it should be adequate enough.

Sure, something like:

{{ printf "<!-- begin content: md5 message digest = %s -->" (trim .Content "\n" | md5) | safeHTML }}
{{ .Content }}
{{ print "<!-- end content -->" | safeHTML }}

Or:

<div id="content" data-md5-digest="{{ trim .Content "\n" | md5 }}">
{{ .Content }}
</div>

Then you could use JS to calculate the md5 digest of the div contents and compare it to the attribute value.

However, I question the value of doing this. Anyone who can mess with the HTML can also mess with md5 digest.

2 Likes
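
The check a reader would run against the comment-marker template in the reply above, as an added example that is not part of the thread. It assumes the page is served un-minified; `check_page`, `render` and the sample pages are constructed for illustration.

```python
import hashlib
import re

# Matches the comment markers emitted by the first template in the reply above.
MARKED = re.compile(
    r"<!-- begin content: md5 message digest = ([0-9a-f]{32}) -->"
    r"(.*?)<!-- end content -->",
    re.DOTALL,
)


def check_page(page_source: str) -> str:
    """Return 'match', 'mismatch' or 'no-markers' for one page's raw source."""
    m = MARKED.search(page_source)
    if m is None:
        return "no-markers"
    embedded, body = m.group(1), m.group(2)
    # Hugo's `trim .Content "\n"` strips leading/trailing newlines before
    # hashing, so do the same to the text between the markers.
    actual = hashlib.md5(body.strip("\n").encode("utf-8")).hexdigest()
    return "match" if actual == embedded else "mismatch"


def render(content: str) -> str:
    """Constructed stand-in for Hugo's output of that template."""
    digest = hashlib.md5(content.strip("\n").encode("utf-8")).hexdigest()
    return (
        f"<!-- begin content: md5 message digest = {digest} -->\n"
        f"{content}\n<!-- end content -->\n"
    )


# Constructed sample pages (not from the thread).
GENUINE = render("<p>Run <code>install.sh</code> from the release page.</p>\n")
# Content edited by hand, embedded digest left as it was.
STALE = GENUINE.replace("release page", "mirror")
# Page re-rendered after an edit: content and digest change together.
REWRITTEN = render("<p>Run <code>install.sh</code> from the mirror.</p>\n")

if __name__ == "__main__":
    for name, page in [("genuine", GENUINE), ("stale digest", STALE),
                       ("content and digest rewritten", REWRITTEN)]:
        print(f"{name}: {check_page(page)}")
```

The third page reports `match` because the digest travels with the content it describes, which is the limitation the last reply points out: an embedded digest catches content that changed without its digest, not a page where both were replaced.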