Signable, streamable, "readable" archive format?
Is there any archive format that offers the following:
- be digitally sign-able with a digital certificate from a trusted source like Verisign - for preventing changes to the file (I am not referring to read only, but in case the file was changed it should no longer be signed telling the user this is not the original file)
- be stream-able - be able to be opened even if not all of the content has been transferred (also not strictly linearly)
- be "readable" - be able to read the data without extracting to a temporary folder (AFAIK if you open a fil开发者_开发知识库e in a zip archive it is extracted first, and this stays true even for zip based formats like OOXML. This is not what I want)
- be portable - support on at least Windows, Linux and Mac OS X is a must, or at least future support
- be free of patents - Be open source - also preferably a license that allows commercial use(as far as i know GPL a share-alike license so it doesn't allow commercial use, BSD on the other hand allows it)
Note: Though it may come in handy eventually I can not think right now of a scenario that would require both point 1 and point 2 simultaneously. Or lets leave it a be able to check the signature only when the whole file was downloaded.
I am not interested in:
- being able to be compressed
- being supported on legacy systems
Does any existing archive format fit this description (tar evolutions like DAR and pax come to mind) ? If there is, are there programing libraries available for the above mentioned OSs? If not, would it be hard to create such a thing?
Usage scenario: I want to use this to create a new media container. Current media containers contain the audio, video and subtitle streams directly. Matroska, currently the most advanced container, has supplementary features like attachments and menus. The menu functionality however is not implemented and very limited. What I want to create is one level higher. I want to create a file similar in a way to OOXML. Also all of the menuing should be done in web technologies like HTML5 (as it is now the tag allows for any kind of codec to be used) and CSS. Also just like you have holograms on dvds to prove the authenticity I want to create a sign-able file
Research notes: Before asking this question I stumbled uppon this: Whats the best way digitally sign a zip file for download using .Net
While detached signing would be feasable for the individual files contained in this archive it is not an ellegant solution for the archive file. Not end user friendly.End users should be able to doubleclick the file to open it in a media player like VLC, and see a message that the file is legit (just like you see in a browser if the page is transmitted with SSL through HTTPS or not)
EDIT: clarified point 5
EDIT 2: added a note to clarify point 1 and 2
EDIT 3: added usage scenario
EDIT 4: added research notes section
P.S.: This is my first question on StackOverflow
I doubt that you find such format out of the box. I understand how such solution can be built with help of our SolFS, but SolFS doesn't have built-in signing (you can add signing easily).
精彩评论