1

right now application is storing a file data in database and we are considering instead to store a link (http, ftp, etc) to the file and its checksum. We will only provide a service and the service consumer is supposed to provide the URI and its checksum. As we do not want to store the file, we won't be able to calculate a checksum, checksum is needed because we want to provide some kind of proof that the initial file has not been tampered with.

Is this applicable, if we require client apps to calculate checksum lets say in MD5 or SHA-256 would it give the same result on all environments (linux, windows, macOS, etc.), would it differ by the algorithm calculating the checksum. Or should we receive the file data and calculate its checksum in our app to make sure that a strong and unified checksum calculation method is applied, and provide a tool to calculate it again when user has access to file so they can verify that it is the original file.

Improve this question
6
  • as long as you use the same algorithm you will be ok. think about linux distros that come with a signature file to prove it hasn't been tampered with Commented Aug 11, 2018 at 10:54
  • As I mentioned I will be asking consumers of the service to provide the checksum. Commented Aug 11, 2018 at 11:59
  • yes, my point is that anyone can validate the sig, because the algorithm is standard Commented Aug 11, 2018 at 14:02
  • How do you check that the file hasn't been altered at a later time? Do you ask the service consumer to again provide you with a checksum, or do you intend to calculate the checksum yourself at that point? Commented Aug 11, 2018 at 15:42
  • @BartvanIngenSchenau No, I do not. Multiple parties will be using that file, if in the future, they disagree that the file that they used at some point has been changed by the provider of the file, I intend that the checksum will be used if it has been or not. The stored file might be changed (becuase it is stored in a different domain), but the original checksum they provided cannot be changed. Commented Aug 12, 2018 at 11:59

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.