Then you'll be signing a empty string. Looks like you will have to serialize your structure and then sign it as a byte array and not as a string. -- Vargas
On Wed, Dec 9, 2009 at 09:22, Charlie <[email protected]> wrote: > But, if I initialize the struct to zero with memset, Will it work > correctly? > > On 9 dic, 13:04, Rafael Vargas <[email protected]> wrote: >> Just keep in mind that you'll be signing the padding bytes also. >> >> And if your structure contains any byte with value zero, your struct >> will be just half signed. >> >> -- >> Vargas >> >> On Wed, Dec 9, 2009 at 08:33, Charlie <[email protected]> wrote: >> > Thanks everybody!! >> >> > I've tried something thats it's very easy. I've type the following >> > code: >> >> > struct c c1; >> > //... >> > //I fill the strct c1... >> > //... >> > char info[sizeof(c1)]; >> > memcpy (info, &c1, sizeof(c1)); >> > string info_msg = c1; >> >> > And now, I sign the string info_msg and verify the signature and >> > everything works fine! >> >> > Thanks for your ideas! >> >> > On 9 dic, 05:23, Geoff Beier <[email protected]> wrote: >> >> On Mon, Dec 7, 2009 at 06:35, Charlie <[email protected]> wrote: >> >> > Hi! >> >> >> > I know how to sign a string with crypto++, but, how can I sign a C >> >> > struct, for example, the next struct? >> >> >> > struct c >> >> > { >> >> > double x; >> >> > double y; >> >> > int z; >> >> > }; >> >> >> You need to serialize your structure first, then sign/verify your >> >> serialized representation. There are a few common ways to do this. Two >> >> good ones are boost::serialziation and ASN1. Whichever way you do it, >> >> once you settle on a serialization format, it's just a matter of >> >> signing the bytes that are emitted by your serializer and verifying >> >> the bytes before you feed them to your deserializer. >> >> >> If you just use the in-memory representation of your native struct, it >> >> won't be portable across compilers/runtimes/platforms, as others have >> >> noted. >> >> >> FWIW, the most common standards that need to do this use ASN.1 to >> >> specify the structure and the Distinguished Encoding Rules (DER) to >> >> encode/decode it. >> >> >> There's a very good commercial ASN.1 compiler/library >> >> here:http://www.obj-sys.com/products_asn1c.shtml >> >> >> You can get free ASN.1 compilers/libraries >> >> here:http://code.google.com/p/a2c/http://lionet.info/asn1c/ >> >> >> Boost serialization + documentation live >> >> here:http://www.boost.org/doc/libs/1_41_0/libs/serialization/doc/index.html >> >> >> You could naturally roll your own, also. The main thing is that the >> >> serialized representation needs to be the same across all the versions >> >> of the compilers/runtimes you care about. Unless your project is >> >> really trivial, I'd go with one of the above. If you only need to >> >> interoperate with different versions of your own code (albeit possibly >> >> across different platforms/versions of your compiler/runtime) I'd use >> >> boost. It's certainly easiest. If you need to interoperate with >> >> multiple independent implementations of your format, ASN1 is worth the >> >> learning curve IMO. >> >> >> HTH, >> >> >> Geoff >> >> > -- >> > You received this message because you are subscribed to the "Crypto++ >> > Users" Google Group. >> > To unsubscribe, send an email to >> > [email protected]. >> > More information about Crypto++ and this group is available >> > athttp://www.cryptopp.com. >> >> > > -- > You received this message because you are subscribed to the "Crypto++ Users" > Google Group. > To unsubscribe, send an email to [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
