All implementations are advised to output tags in order by field number, in
which case they should all produce the same bytes...  unless there are
unknown fields, which are always written at the end.  In C++ you can use
DiscardUnknownFields() to make sure all unknown fields are discarded.

But I would suggest not relying on this when doing cryptography.  You can
sign your serialized message, and send around the serialized bytes with the
signature.  People can verify the signature against the serialized bytes,
then parse it.

On Thu, Mar 18, 2010 at 11:01 AM, Henner Zeller <
henner.zel...@googlemail.com> wrote:

> On Thu, Mar 18, 2010 at 10:36, maxwolf <waxm...@gmail.com> wrote:
> > I wonder if protobuf messages are safe to be crypto signed?
>
> If you just sign the content of a message, then this should be an
> operation that should not require that a message is generated the same
> for different implementations, right? Meaning, you have some binary
> encoded message generated by some implementation and its signature so
> you can compare if that content is indeed signed by the owner. You
> directly compare that binary encoding with that signature.
>
> But looks like you're looking for a bit stronger guarantee: that you
> can just operate only on the hash of some message and want that to be
> identical for messages with the same content generated by different
> implementations.
>
> > More
> > precisely - will certain message serialized from the same set of field
> > values be exactly the same for every platform/language?
>
> The encoding scheme does not enforce this per se: it is entirely valid
> to send fields in a different order over the wire and thus have
> equivalent messages whose binary encoding is different.
> However, all current Google implementations actually encode the same
> messages the same way - I guess too many people relied on being able
> to reliably store hash values of messages (Kenton needs to confirm
> this, but I am pretty sure).
> In other words: there is no strong guarantee but in practice, it works :)
>
> -h
>
> --
> You received this message because you are subscribed to the Google Groups
> "Protocol Buffers" group.
> To post to this group, send email to proto...@googlegroups.com.
> To unsubscribe from this group, send email to
> protobuf+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/protobuf?hl=en.
>
>

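The approach recommended in this thread (sign the serialized bytes, ship bytes plus signature, verify against the received bytes, then parse), as an added example that is not code from the thread or from the protobuf project. It assumes a minimal varint-only encoder and parser written here for illustration, a constructed key and field values, and HMAC-SHA256 from the standard library standing in for a real signature scheme.

```python
import hashlib
import hmac
KEY = b"constructed-demo-key"  # constructed; HMAC is a stand-in for a signature

def varint(n):
    """Encode a non-negative int as a protobuf base-128 varint."""
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | (0x80 if n else 0))
        if not n:
            return bytes(out)

def encode(fields):
    """Serialize (field_number, value) pairs as wire-type-0 fields, in the order given."""
    return b"".join(varint(num << 3) + varint(val) for num, val in fields)

def read_varint(buf, i):
    shift = val = 0
    while True:
        if i >= len(buf):
            raise ValueError("truncated varint")
        b = buf[i]
        val |= (b & 0x7F) << shift
        i, shift = i + 1, shift + 7
        if not b & 0x80:
            return val, i

def parse(buf):
    """Parse a varint-only message into {field_number: value}."""
    msg, i = {}, 0
    while i < len(buf):
        key, i = read_varint(buf, i)
        if key & 7:
            raise ValueError("only wire type 0 is handled in this sketch")
        msg[key >> 3], i = read_varint(buf, i)
    return msg

def sign(payload):
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def verify_then_parse(payload, tag):
    """Check the tag over the exact bytes received, and only then parse them."""
    if not hmac.compare_digest(sign(payload), tag):
        raise ValueError("bad signature")
    return parse(payload)

A = encode([(1, 150), (2, 7)])  # fields written in field-number order
B = encode([(2, 7), (1, 150)])  # same values, different but equally valid wire order
```

`A` and `B` parse to the same message but hash differently, so a tag computed over `A` does not verify `B`; the receiver verifies the bytes it was sent and never re-serializes before checking.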