For large scale wireless sensor networks (WSNs), reprogramming sensor nodes through the wireless channel is an important capability. To avoid reprogramming false or viral code images, each sensor node needs to efficiently authenticate its received code image before propagating it. Public key schemes based on elliptic curve cryptography are feasible in WSNs, yet are still very expensive in terms of memory and CPU consumption. In this paper, we propose a hybrid mechanism that combines the speedy verification of hash schemes with the strong authenticity of public key schemes. A hash tree is computed from packetized code and its root is signed by the public key of the base station. Each sensor node can quickly authenticate the data packet as soon as it is received. Simulation shows that the proposed secure reprogramming scheme adds only a modest amount of overhead to a conventional non-secure reprogramming scheme, namely Deluge, and is therefore feasible and practical in a WSN.