Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

MD5 and SCP/SFTP

SOLVED
Go to solution

MD5 and SCP/SFTP

I'm using either SFTP or SCP to transfer files from OpenVMS to HPUX. Unfortunately the MD5 checksum on OpenVMS gives us a different result on the HPUX-box. When I FTP the files (in BINAIRY MODE) the checksum gives a good result.
Anybody any ideas how to get this working with SCP/SFTP?
Resistance is not an option.
13 REPLIES
Willem Grooters
Honored Contributor

Re: MD5 and SCP/SFTP

It might be that encrypting/decrypting might cause a problem. FTP doesn't encrypt and will, in binary mode, send the files as they are. No wonder that MD5 checksum is the same.
Also, I IRC, there are some issues with SCP and/or SFTP on OpenVMS.

Could is be that the endian difference (VMS is little-endian, HP-UX is big-endian) is causing a problem?

Willem
Willem Grooters
OpenVMS Developer & System Manager

Re: MD5 and SCP/SFTP

OK, So we want to be really secure with our transfer but the method we use might screw up the file and there is no way we can check this by using a checksum...*sigh*
;-)
Resistance is not an option.
Ian Miller.
Honored Contributor

Re: MD5 and SCP/SFTP

is sftp doing a binary mode transfer?
If not then it may be messing with the file contents.

Binary file transfers with sftp have been fixed in recent ECO kits for hp TCPIP Services for VMS.
____________________
Purely Personal Opinion
Bojan Nemec
Honored Contributor

Re: MD5 and SCP/SFTP

Bart,

Maybe the diference is because of different file structure. On HPUX you have stream files with records terminated by . On VMS you can have different record formats (fixed,stream,stream_lf,stream_cr,variable,VFC...).

You can see this with DIR /FULL as "Record format:". If yours file is not Stream_LF try to convert the file with:

$ CONVERT/FDL=SYS$INPUT input output
RECORD; FORMAT STREAM_LF


Bojan

Re: MD5 and SCP/SFTP

Ok,
On the testfile I could do this but when I receive files that are being transferred to another node/application I'm not sure if I can.

I've SCP'd a ascii file to UX and SCP'd it back. The checksum is correct so it's certain that the file landed correctly on UX. Perhaps I'll write my own "checksum" this way.
Resistance is not an option.
Bojan Nemec
Honored Contributor

Re: MD5 and SCP/SFTP

Bart,

What are you using to compute the checksum on the VMS part?

If my previous suggestion works (I am not able to test it right now) could you arrange that the files will be originaly written as stream_lf files.

Bojan

Re: MD5 and SCP/SFTP

Bojan,
I use MD5 on VMS and on UX
Resistance is not an option.
Bojan Nemec
Honored Contributor

Re: MD5 and SCP/SFTP

Bart,

I have no MD5 on my VMS system. Maybe you are on 8.2 and you use $ CHECKSUM/ALGORITHM=MD5. Or you use md5sum from the GNV distribution. (this seems broken on my system).

I copy the Reference Implementation from the RFC:

http://www.faqs.org/rfcs/rfc1321.html

and try it on a file. The error was exacltly as I predicted in my previous post. If you compute the checksum on two files where one is variable and the other is the same but stream_lf the checksum is different.

If you modify the source (mddriver.c) to open the file in ascii mode "r" and not binary mode "rb" the result is same. It is also the same as my linux system gives me with md5sum.

Bojan
Bojan Nemec
Honored Contributor

Re: MD5 and SCP/SFTP

Sorry,

I reread my previous post and see that is not clear.

I mean that if you modify the open mode of the file the checksums are equal independent on the record format.

Bojan
Ian McKerracher_1
Trusted Contributor

Re: MD5 and SCP/SFTP

Hello Bart,

It's only a wild guess but could there be a difference between the authentication algorithms? Is one system set to HMAC-MD5 and the other system set to HMAC-MD5-96 for example?


Regards,

Ian

Re: MD5 and SCP/SFTP

That wouldn't explain the succesful checksum during normal Binairy FTP transfer would it?
Resistance is not an option.
Bojan Nemec
Honored Contributor
Solution

Re: MD5 and SCP/SFTP

Bart,

Yes, if you transfer the file binary, the contents are transfered as is. But such a file may not be usable on the HPUX side. If the file is of format variable length which is the VMS default each record begins with two bytes with the record length (little endian). This makes no sense on UNIX systems.

Bojan

Re: MD5 and SCP/SFTP

Bojan; my response above was about the MD5 algorithm I use.

But your idea about the Stream_LF is working!! I only wonder, as I stated earlier, if I can savely convert all files that have to be sent to this format> We are still testing this method and haven't sent any application-data this way.

But you've earned your points ;-)

Thanks again
Bart
Resistance is not an option.