In: Computer Science
What I want to do is to digitally sign a document. I am new to cryptography and was wondering what issues to take into account. The only criteria is that a textual document signed should produce a code that is different if lines in the same document are shifted. I heard that MD5 is broken and that one should avoid SHA1 (because of NSA etc).
If you assume people are able to trust your website, you could simply list the SHA-256 (for example) hashes of your documents on your website. Perhaps include an URL in the signed document pointing to a particular page on your site that lists the hash for that file.
Trusting others to get the correct hash from your website when they visit the URL would remain unsolved. Someone could intercept the request and return a different hash that matches a modified document they've distributed.
The more complex option is public key signatures.
If you go that way you would use something like GPG/PGP to generate a key-pair, distribute the public key, then sign the documents using the private key. In this case an attacker couldn't produce a different signature that matches your key even if they controlled requests to the documents and your website.
However, you would still need to get your public key into the hands of anyone wanting to verify the signature. An attacker who could distribute their own key as yours could again forge signed documents in your name.