On 11/26/14, 3:00 PM, "SM" <[email protected]> wrote: > >I see. That is exactly what I need to do. Sign parts in an OPC ><http://en.wikipedia.org/wiki/Open_Packaging_Conventions> package and >keep >the detached signatures in the package. All the URLs of the references >will >be relative.
Right. >The problem is that such a reference may not be a file resource but a >stream >resource. So for signing and verifying the URL must be read in as a stream >and then used. There has to be a base URI involved to resolve relative URLs against. And I can tell you definitively the code at best knows about file:// and http:// and that's about it, and I doubt I would trust the http:// code, speaking as somebody that writes software that needs real, robust, "can't ever break" http support. In the sense you mean it, everything is a stream to the code, it's just resolving byte streams to sign. But you can't just magically have streams of arbitrary types, there has to be code built to resolve the resources. -- Scott
