My company uses a powershell scipt to verify trust, using a SHA256 hash of a
digital object:
param(
[string]$LOC,
[string]$OFILE
)
curl $LOC -o $OFILE
$DNAID = (Get-FileHash .\$OFILE).Hash
$URL="https://softwareassuranceguardian.com/labellink/getTrustedProductLabel?ProductID="+$DNAID+"&html=1"
Start-Process $URL
Usage instructions for this script are here to verify trust in a self-signed
X.509 public key digital certificate :
https://github.com/rjb4standards/REA-Products/blob/master/DigitalCertificates/README.md
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Lifetime IEEE Member, #SBOM SIG member
https://businesscyberguardian.com/
From: curl-users <[email protected]> On Behalf Of bruce via
curl-users
Sent: Saturday, June 13, 2026 2:57 PM
To: curl-users - the curl tool <[email protected]>
Cc: bruce <[email protected]>
Subject: Re: Curl feature idea, download hash checking
as i recall decade ago. that was the mantra!. so maybe a few example of how
to accomplish this kind of process would be enough!!
On Sat, Jun 13, 2026, 9:25 AM Ray Satiro via curl-users
<[email protected] <mailto:[email protected]> > wrote:
On 6/12/2026 7:16 AM, Daniel Stenberg via curl-users wrote:
On Fri, 12 Jun 2026, Ian Norton via curl-users wrote:
curl -O URL —-hash sha256:HASH_VALUE
Does this sound like a good idea?
It is an idea that is often brought up but has never been materialized. Is it
good? I think it depends on how it is done so that in the end people would use
it.
Many years ago I wrote CURLOPT_SHA256 / CURLINFO_SHA256 to calculate the hash
of the transfer body as received but there wasn't any interest so it wasn't
adopted see https://github.com/curl/curl/issues/1399
These days sha256 is more common and we have sha256 calculation code already in
libcurl. So that part would be easier. But to handle partially downloaded data,
resumed data, etc, is still a complication. You can already pipe curl to sha256
for verification, and ghedo gives an example in that issue of how to do it.
Basically if you can do the unix pipe style to an existing tool that can handle
it then is it worth putting that tool's functionality in curl, I guess is the
question. What I mean is like grep should be grep, curl should be curl etc
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette: https://curl.se/mail/etiquette.html
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette: https://curl.se/mail/etiquette.html