|
|
Boost Users : |
Subject: Re: [Boost-users] Stability of Boost::Serialization XML Output
From: Robert Ramey (ramey_at_[hidden])
Date: 2013-08-13 12:11:39
Andreas Neustifter wrote:
> Hi List,
>
>
> I have to provide digital signatures of serialized C++ objects, I'm
> planing on using Boost::Serialization for the XML part.
>
>
> Since XML signatures and XMLDsig in particular are difficult [1] and
> littered with pitfalls I was wondering if maybe the XML output of
> Boost::Serialization is stable enough to do a plain byte-oriented
> PKCSwhatever signature?
>
>
> To summarize:
>
> - C++ objects are serialized to XML with Boost::Serialization (XML is
> used since date has to be as human readable as possible).
>
> - Serialized XML has to be digitally signed.
>
> - XMLDsig is complicated [1]
>
>
> Question:
>
> Does Boost::Serialization with the XML backend produce bytewise the
> same data every time?
This would not and could not be guarenteed across differing library versions
and platforms.
I would guess that the best way to handle this would be to incorporate
XMLDsig compliance into the xml serialization (xml_?archive) itself.
I have no doubt what this is a difficult task - but that's why we make
the big bucks.
Robert Ramey
Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net