This article covers how the integrity of files is verified when they are transferred over SFTP. It explains how partially transferred files are avoided and how the checksum mechanism works.
As a file is transferred, it is broken up into smaller chunks called "packets." The SFTP protocol computes a SHA2 checksum on each 32KB packet as it is sent and includes that checksum with the packet. The receiver decrypts the packet's data and then verifies the checksum. Because this is done on every packet, integrity is checked at a very granular level throughout the transfer. Thus, the successful completion of a file transfer means, de facto, that the file has been transferred intact and there is no need for an additional check.
To avoid partially transferred files in case the network connection is interrupted, the SFTP automation will do the following:
- Each file is transferred to a temporary location on the destination server, which is not readable by the destination server’s application.
- Partially transferred / broken files won’t be exposed to the destination server’s application.
- If there’s a broken file due to a network connection issue, in the next run, the broken file will be discarded and the file will be re-transferred.
- After a file is completely transferred, it will be moved to the actual destination.
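
A local sketch of the staging procedure above, added here as an example and not taken from the SFTP automation itself. Local directories stand in for the destination server, and the names `.incoming`, `.part`, `deliver`, `discard_stale`, `visible_files` and the `fail_after` hook are assumptions made for illustration.

```python
import os
from pathlib import Path

STAGING = ".incoming"   # hypothetical staging directory name
PART_SUFFIX = ".part"   # hypothetical suffix for in-flight files


def discard_stale(staging):
    """Delete leftovers from an interrupted run; return their names."""
    removed = sorted(p.name for p in staging.iterdir())
    for name in removed:
        (staging / name).unlink()
    return removed


def deliver(src, dest_dir, chunk_size=32 * 1024, fail_after=None):
    """Copy src into dest_dir so it only becomes visible once complete.

    fail_after (bytes) is a test hook that simulates a dropped connection.
    """
    src, dest_dir = Path(src), Path(dest_dir)
    staging = dest_dir / STAGING
    # 0o700: only the transfer account can read the staging area.
    staging.mkdir(mode=0o700, exist_ok=True)
    discard_stale(staging)  # broken files from the previous run are dropped
    tmp = staging / (src.name + PART_SUFFIX)
    sent = 0
    with open(src, "rb") as fin, open(tmp, "wb") as fout:
        while chunk := fin.read(chunk_size):
            if fail_after is not None and sent >= fail_after:
                raise ConnectionError("simulated network interruption")
            fout.write(chunk)
            sent += len(chunk)
        fout.flush()
        os.fsync(fout.fileno())  # data is on disk before it is published
    final = dest_dir / src.name
    # Staging sits on the same filesystem, so the move is an atomic rename:
    # the application sees either no file or the whole file.
    os.replace(tmp, final)
    return final


def visible_files(dest_dir):
    """What the destination application can see (regular files only)."""
    return sorted(p.name for p in Path(dest_dir).iterdir() if p.is_file())
```

Keeping the staging directory on the same filesystem as the final destination is what makes the last step a rename and not a second copy that could itself be interrupted.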