fix: verify blob hash after download and decryption (closes #5) #39

Open
clawbot wants to merge 2 commits from fix/verify-blob-hash into main

2 Commits

Author SHA1 Message Date
22efd90f8c refactor: stream blob hash verification instead of buffering in memory
FetchAndDecryptBlob now returns io.ReadCloser with a hashVerifyReader
that computes the double-SHA-256 on-the-fly during reads. Hash is
verified on Close() after the stream is fully consumed. This avoids
loading entire blobs into memory, which could exceed available RAM.

Addresses review feedback on PR #39.
2026-02-20 02:29:19 -08:00
user
2bdbf38be6 fix: verify blob hash after download and decryption (closes #5)
Add double-SHA-256 hash verification of decrypted plaintext in
FetchAndDecryptBlob. This ensures blob integrity during restore
operations by comparing the computed hash against the expected
blob hash before returning data to the caller.

Includes test for both correct hash (passes) and mismatched hash
(returns error).
2026-02-20 02:26:15 -08:00
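
The two commits describe moving from a buffered double-SHA-256 check to one computed while the caller reads, with the verdict delivered on Close(). The sketch below is an added example, not code from this PR or repository; `verifyingReader`, `restore` and `errHashMismatch` are hypothetical names, the plaintext is constructed, and decryption is left out so that only the verify-on-Close pattern is shown.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
	"io"
	"strings"
)

var errHashMismatch = errors.New("blob hash mismatch")

// verifyingReader (hypothetical name) hashes plaintext as it is read, so the blob is never held whole.
type verifyingReader struct {
	src  io.ReadCloser
	h    hash.Hash // inner SHA-256 over the plaintext seen so far
	want [32]byte  // expected SHA-256(SHA-256(plaintext))
}

func (r *verifyingReader) Read(p []byte) (int, error) {
	n, err := r.src.Read(p)
	r.h.Write(p[:n]) // hash.Hash.Write never returns an error
	return n, err
}

// Close checks the digest; bytes already returned by Read stay unverified until it returns nil.
func (r *verifyingReader) Close() error {
	if err := r.src.Close(); err != nil {
		return err
	}
	if sha256.Sum256(r.h.Sum(nil)) != r.want { // also fails if closed before EOF
		return errHashMismatch
	}
	return nil
}

// restore streams a constructed plaintext through the reader and returns Close's verdict.
func restore(plaintext string, want [32]byte) error {
	r := &verifyingReader{src: io.NopCloser(strings.NewReader(plaintext)), h: sha256.New(), want: want}
	_, copyErr := io.Copy(io.Discard, r)
	return errors.Join(copyErr, r.Close())
}

func main() {
	inner := sha256.Sum256([]byte("constructed blob"))
	want := sha256.Sum256(inner[:])
	fmt.Println(restore("constructed blob", want), restore("tampered blob", want))
}
```

With this shape a restore path has to stage its output (for example, write to a temporary file) and commit it only after Close() returns nil, because every byte handed out by Read is unverified until then.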