Open zwykl3 opened 5 years ago
I don't understand the question fully. Can you reply to my thoughts below?
In general though it is a bad idea for a cryptographic tool to be manipulating and interpreting binary data because it opens up potential vulnerability paths. I would like to keep this tool treating the download objects as a binary string that is pushed directly into a cryptographic digest algorithm. Does that make sense?
What is your use case?
@zwykl3 to ask another question, from the statement:
I download only header
It sounds like you would be looking for some type of metadata which is packaged either in the payload or is served directly by the content server (e.g. as you said, delivered via a header).
Part of the benefit of using the model prescribed by rget
is the out of band nature of the metadata used for validation.
Presently there are no limitations on the types of files which can be used with rget
. As long as the files can be referenced in the SHA256SUMS
file (or via some related mechanism after the resolution of #1) with a valid digest, it should be agnostic of the content.
Is possible integration zip,tgz,rar etc.? for example I download only header, unpacke and check sign for whole files inside zip/tgz