Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A good strategy to ensure the integrity of a file

Tags:

iphone

md5

I have some code that downloads a plist from a web server and stores it in the documents directory of the phone. My concern is that if the file becomes corrupt then it will effect the stability and user experience of the app.

I am coding defensively in the data read parts of the app, but wondered what advice is out there for checking the integrity of the file in the first place before the old one is over written. I am thinking of implementing some sort of computed value which is also stored in as a key in the plist for example.

Any thoughts about making this as robust as possible would be greatly appreciated.

Best regards

Dave

like image 531
Magic Bullet Dave Avatar asked Jan 12 '10 07:01

Magic Bullet Dave


People also ask

What is the integrity of a file?

File integrity in IT refers to the process of protecting a file from unauthorized changes, including cyber-attacks. In other words, a file's 'integrity' is validated to determine whether or not it has been altered after its creation, curation, archiving or other qualifying event.

Which method is used for integrity of data?

Cryptographic methods are the most sophisticated method of data integrity checking, and can be used to detect even the most subtle errors. Data integration can be used to improve the accuracy and completeness of data, as well as to reduce the cost of data storage and retrieval.

What validates the integrity of data files?

Checking Integrity of a file Every single file on the internet is unique in its way and when it is changed or altered, either its hash value or its digital signature change. Therefore, analysts can use both digital signatures and hash values to check the integrity of a file.


1 Answers

Have a look at CommonCrypto/CommonDigest.h.

The CC_MD5(const void *data, CC_LONG len, unsigned char *md); function computes an MD5 hash.

@implementation NSData (MD5)

-(NSString*)md5
{
    unsigned char digest[CC_MD5_DIGEST_LENGTH];
    CC_MD5([self bytes], [self length], digest);

    NSString* s = [NSString stringWithFormat: @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
                   digest[0], digest[1], 
                   digest[2], digest[3],
                   digest[4], digest[5],
                   digest[6], digest[7],
                   digest[8], digest[9],
                   digest[10], digest[11],
                   digest[12], digest[13],
                   digest[14], digest[15]];
    return s;

}

@end

As part of the deployment of the files on the server, you can use OpenSSL to compute the hashs. The openssl md5 filename command computes an MD5 hash for a file. This can be integrated in a script.

Then after your application has downloaded a file, it computes the hash of what's been downloaded and compares it to the hash stored on the server.

Obviously, if you want to ensure the integrity of a plist file, this plist cannot contain its own hash.

like image 111
Gregory Pakosz Avatar answered Sep 26 '22 23:09

Gregory Pakosz