I need to transport multiple very large files over an unstable and untrusted network, and the file contents are outputted as a data stream. I wanted to use OpenSSL for streaming authenticated encryption, but they purposefully don’t support that and are preachy about it.
Well, it turns out that XZ has checksumming built-in! It even has different algorithms (CRC32, CRC64, and SHA256). It’s part of the same file, within/before the encryption, and automatically verified by the decompression tool. I’m already using XZ for compression before encryption, so this is just super convenient and useful. Also, it seems like XZ supports threaded decompression now, when it didn’t before. Thanks XZ devs!
untrusted network
What stops the network operator from modifying the data and the checksum? Do you transfer the checksum out of band?
Aged like milk
Maybe I’m Jia Tan 😉