Re: Https question
From: Volker Birk (bumens_at_dingens.org)
Date: 21 Aug 2005 18:02:06 +0200
Anand kumar <firstname.lastname@example.org> wrote:
> No wait, in that rfc link, there's a para under the hmac computation
> that says that key and time are optional. Which would mean that I can
> get only teh mac (or mac of mac) of the message bits, if I specified no
> key and time in my previous message to the server.
2.4.5. MAC-Info tells me, that only time is optional. But you will
not get a hash for a file with this, even if the secret also would be
optional, because sHTTP requires a MAC for the encapsulated content
of a message, and not a hash over the binary representation of a file.
Sorry. Also the HMAC does not work for this.
> -I want to know what the "encapsulated content" that the rfc is talking
> about. I want to know how big this "encapsulated content" would be. Or,
> in other words, the size of "message bits" that it considers in the
The encapsulated content means, if you're transmitting a file, message
header and the encoded representation of the transported data, not the
binary representation of only the file content.
> -I want the hash of the file in the remote http server, without having
> to download the file
> itself. Is this possible?
Don't think so.
But, another question: _why_ do you want to have this? Perhaps it could
be possible to solve your needs in another way.
-- "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in deutschen Schlafzimmern passiert". Harald Schmidt zum "Weltjugendtag"