Hashes are good, but ultimately public/private key cryptography is needed in some form to ensure trust minimized to just signer/dev (holder of private key)