Danek Duvall wrote:
> Shawn Walker wrote:
>> What's the preferred direction?
>
> You also have the option of putting a dummy string in as a signature,
> signing the resulting serialized format, and then replacing the dummy
> string with the signature hash before writing to disk. It's more
> complicated than serializing twice, or writing the signature in a different
> file, but it's not that complicated.
>
> If you don't like that, then I concur with johansen -- option 2 is the best
> of the three you outline.

No, that option is fine (and I greatly appreciate the suggestion!),
although it does seem to indicate that I will have to either:

* serialize the result to a string and do a search and replace in the
  string (not so pretty from a memory usage standpoint) and then save
* perform a seek in the file searching for the dummy signature value
  string and then replace it with my own (number of ways to do this) and
  then re-save

If that's ok, then sure. Obviously having the signature in the file is
preferred from an 'easier-to-verify-and-more-secure' standpoint.

At the least, the suggestion you've given me is far better performing
than a double serialization.

Cheers,
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
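
The placeholder approach discussed in the message above, using the seek-and-overwrite variant, as an added example that is not part of the thread or of the pkg code base. The JSON layout, the `_SIGNATURE` field name and the use of a SHA-256 digest as the "signature hash" are assumptions made for illustration.

```python
import hashlib, hmac, json, re

# Dummy value with the same width as a SHA-256 hex digest (constructed).
PLACEHOLDER = "0" * 64

def write_signed(fobj, data):
    """Serialize once with the dummy, hash that form, patch the digest in place."""
    doc = dict(data, _SIGNATURE=PLACEHOLDER)   # hypothetical field name
    body = json.dumps(doc, sort_keys=True).encode("utf-8")
    # The dummy must occur exactly once, or the patch offset is ambiguous.
    if body.count(PLACEHOLDER.encode()) != 1:
        raise ValueError("placeholder collides with payload data")
    digest = hashlib.sha256(body).hexdigest()
    start = fobj.tell()
    fobj.write(body)
    end = fobj.tell()
    # Seek back to the dummy and overwrite it. Equal width means no other
    # byte moves, so the file is never re-serialized or held twice in memory.
    fobj.seek(start + body.index(PLACEHOLDER.encode()))
    fobj.write(digest.encode("ascii"))
    fobj.seek(end)
    return digest

def verify_signed(raw):
    """Put the dummy back where the stored digest sits, rehash, compare."""
    try:
        stored = json.loads(raw)["_SIGNATURE"]
    except (ValueError, KeyError, TypeError):
        return False
    # Reject anything that is not a well-formed digest before using it.
    if not isinstance(stored, str) or not re.fullmatch(r"[0-9a-f]{64}", stored):
        return False
    needle = stored.encode("ascii")
    # The stored digest must be locatable unambiguously in the raw bytes.
    if raw.count(needle) != 1:
        return False
    restored = raw.replace(needle, PLACEHOLDER.encode())
    expected = hashlib.sha256(restored).hexdigest()
    return hmac.compare_digest(expected, stored)
```

With a bare digest, anyone who can rewrite the file can also recompute the digest; a keyed MAC or public-key signature fits the same slot as long as its encoded width is fixed.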