cURL transfer

Started by anri, Aug 12, 2022, 02:39 AM

Previous topic - Next topic

anriTopic starter

I need to transfer important files from one website to another. It was decided to choose cURL because of its versatility. It is important to make sure that the recipient site receives exactly what I sent.

The transfer takes place over SSL, a key is sent along with the files, which is stored only on the sending website and on the receiving site. Whether the files are intercepted is not important, it is important that the recipient site does not accept fake files. In no case. What can be done to secure the process?


Sign the request.
Something like that: there is a secret key that must be known to both the sender and the recipient. Then, for instance, in the Authorization header we pass a signature calculated as sha256(request_body + secret).

The receiving server verifies that the signature matches the certain file. In addition to the request body and key, you can use any other data to generate a signature, the hashing algorithm can also be replaced.