In version 3.3 MOVEit DMZ opened up its FTP integrity check protocol to allow non-MOVEit FTP clients to begin to perform cryptographic integrity checks as well. (SmartFTP was the first non-MOVEit FTP client to take advantage of the open protocol.)
Using integrity checks with MOVEit DMZ requires sending three short commands from the client to the server:
The local FTP client must be able to calculate SHA-1 hashes, of course. MD5 hashes MAY be allowed in the future, but only to support legacy FTP clients. CRC values will NEVER be allowed as they lack any cryptographic value and are thus almost useless in situations where "non-repudiation" is required.
The following FTP session shows an FTP client session working with variations of the commands discussed above. A complete, successful integrity check has been highlighted in green.
ftp> QUOTE INTEGRITY H 200 Integrity mode selected ftp> get HomePage.php 200 PORT command successful 150 RETR command started 226 Transfer complete. Integrity check pending. ftp: 4890 bytes received in 0.70Seconds 6.79Kbytes/sec. ftp> QUOTE XSHA1 500 XSHA1: parameters are incorrect ftp> QUOTE XSHA1 HomePage.php 250 d6f63471acd1ab7dd647c86e6eea91d09f0fbb70 (at this point the FTP client calculates a SHA-1 hash against the file it just downloaded and gets a value of "d6f63471acd1ab7dd647c86e6eea91d09f0fbb70") ftp> QUOTE HASH OK 200 Downloaded file has passed integrity check. ftp> get HomePage.php 200 PORT command successful 150 RETR command started 226 Transfer complete. Integrity check pending. ftp: 4890 bytes received in 0.64Seconds 7.45Kbytes/sec. ftp> QUOTE XSHA1 HomePage.php 250 d6f63471acd1ab7dd647c86e6eea91d09f0fbb70 (at this point the FTP client calculates a SHA-1 hash against the file it just downloaded and gets a value of "c86e6eea91d09f0fbb70d6f63471acd1ab7dd647") ftp> QUOTE HASH BAD 500 Downloaded file integrity check FAILED!