0

MD5 Checksum is used to verify data integrity for a file. I have to upgrade my client to use HTTPS for better security.

But, while reading through Azure Blob Service API documentation (https://blogs.msdn.microsoft.com/windowsazurestorage/2011/02/17/windows-azure-blob-md5-overview/), it states that:

"MD5 checking is optional on both PUT and GET operations; however it does provide a convenience facility to ensure data integrity across the network when using HTTP. Additionally, since HTTPS provides transport layer security additional MD5 checking is not needed while connecting over HTTPS as it would be redundant."

  1. First of all why MD5 checking is optional. Because, I think MD5 generation is very fast, so it may not harm to make it required.
  2. Second why in the case of HTTPS it is redundant. Because it may happen that the file I want to upload may go through an intermediate step. For example, I may transfer file electronically to my junior for upload. So, it may happen that he can change the file and upload it. If I have a checksum, I can download the file and check it's integrity.
  3. Please also advice an Algorithm to compute MD5 Checksum in Java. Because the algorithm I followed from official IETF documentation (https://www.ietf.org/rfc/rfc1321.txt) is not working.
tRuEsAtM
  • 3,517
  • 6
  • 43
  • 83
Arjun Chaudhary
  • 2,373
  • 2
  • 19
  • 36

1 Answers1

-1

From the documentation, by default, Content-MD5 is optional, and which could be used to verify the integrity of the blob during transport. And as we know, HTTPS is recommended while we operate blob, and HTTPS already provide transport layer security, this feature should be used primarily if HTTP is used. Of course, you could specify Content-MD5 in request header If you’d like to use this MD5 validation feature.

Besides, please refer to this thread that discussed about generating MD5 Checksum for file in Java.

Community
  • 1
  • 1
Fei Han
  • 26,415
  • 1
  • 30
  • 41