English
English
In web development, the security of file transfer and storage has always been an issue that cannot be ignored. To ensure the integrity of the file and prevent the file from being tampered with during the transfer, file signature verification is a common and effective practice. The hash_update_stream() function is one of the important tools in PHP for handling file signature verification. This article will introduce how to use the hash_update_stream() function to implement file signature verification and ensure file integrity and security.
File signature verification is a method that uses a hash algorithm to generate a digital signature on the content of a file and then verify the integrity of the file through that signature. Common hashing algorithms include MD5, SHA-1, SHA-256, etc. They help verify the integrity of files during transmission by generating unique file fingerprints.
When files are transferred on the network, you may encounter various threats, such as file tampering, data loss, etc. To prevent these problems, file signature verification can help us confirm that the file has not been tampered with and its content is complete.
The hash_update_stream() function in PHP is used to update hash values, which is very effective for handling large files because it allows for the hash value to be updated step by step without the need to load the entire file content into memory at once. This function is usually used with hash_init() and hash_final() functions to complete the file signature generation and verification process.
The basic syntax of hash_update_stream() is as follows:
bool hash_update_stream ( resource $context , resource $handle [, int $length = 1024 ] )
$context : This is the hash context created by the hash_init() function.
$handle : The file handle of the file, which can be obtained through the fopen() function.
$length : The number of bytes read each time the hash is updated, default to 1024 bytes.
First, we need to select a hash algorithm and initialize a hash context. In this case, we will use the SHA-256 algorithm.
$algorithm = 'sha256';
$context = hash_init($algorithm);
Next, we open the file through the fopen() function, and use the hash_update_stream() function to gradually read the file content and update the hash value. This process can handle large files without taking up too much memory.
$file = fopen('file.txt', 'rb');
if ($file === false) {
die('Unable to open the file');
}
while (!feof($file)) {
hash_update_stream($context, $file);
}
fclose($file);
Once the file contents are all read and updated to the hash context, we can get the final hash value through the hash_final() function.
$fileHash = hash_final($context);
echo "The hash value of the file is: " . $fileHash;
To verify the integrity of the file, we need to compare the hash value of the file with the correct hash value stored previously. If the two match, the file has not been tampered with.
$expectedHash = 'Pre-stored hash value';
if ($fileHash === $expectedHash) {
echo "File complete,Not tampered with";
} else {
echo "The file has been tampered with";
}
<?php
// Select a hashing algorithm
$algorithm = 'sha256';
// Initialize hash context
$context = hash_init($algorithm);
// Open the file
$file = fopen('file.txt', 'rb');
if ($file === false) {
die('Unable to open the file');
}
// Gradually update the hash value
while (!feof($file)) {
hash_update_stream($context, $file);
}
fclose($file);
// Get the hash value of the file
$fileHash = hash_final($context);
echo "The hash value of the file is: " . $fileHash . "\n";
// 验证File complete性
$expectedHash = 'Pre-stored hash value';
if ($fileHash === $expectedHash) {
echo "File complete,Not tampered with";
} else {
echo "The file has been tampered with";
}
?>
High memory efficiency : the hash_update_stream() function allows for gradual reading of files and calculating hash values, which is suitable for processing large files and avoids the memory consumption of loading the entire file at one time.
Supports multiple hashing algorithms : PHP supports multiple hashing algorithms (such as SHA-256, SHA-512, etc.), and you can choose the appropriate algorithm according to your needs.
Easy to use : Using hash_update_stream() for file signature verification is very simple, and completeness verification is only required in a few steps.
In actual applications, file signature verification is often used in combination with file download and upload operations. If you are using a website like m66.net for file transfer, ensuring that each downloaded file is signed and verified is an important security measure. For example, you can verify whether the file downloaded from m66.net has been tampered with:
