可签名、可流式传输、“可读”存档格式？

发布于 2024-10-08 13:00:06 字数 1356 浏览 11 评论 0原文

是否有任何存档格式提供以下功能：

使用来自 Verisign 等受信任来源的数字证书进行数字签名 - 用于防止对文件进行更改（我指的不是只读，但如果文件被更改，它应该不再签名，告诉用户这不是原始文件）
可流式传输 - 即使并非所有内容都已传输（也不是严格线性），也能够打开
“可读” - 能够读取数据无需提取到临时文件夹（据我所知，如果您在 zip 存档中打开文件，它会首先提取，即使对于 OOXML 等基于 zip 的格式也是如此。这不是我想要的）
可移植 - 至少在 Windows 上支持，Linux 和 Mac OS X 是必须的，或者至少未来的支持
是免费的 - 开源 - 最好是允许商业使用的许可证（据我所知 GPL 是一种类似共享的许可证，因此它不允许商业用途，BSD 另一方面允许它）

注意：虽然它最终可能会派上用场，但我现在无法想到同时需要第 1 点和第 2 点的场景。或者让它只能在下载整个文件时检查签名。

我不感兴趣的是：

能够被压缩
遗留系统支持

任何现有的存档格式是否符合此描述（想到像 DAR 和 pax 这样的 tar 演变）？如果有，是否有适用于上述操作系统的编程库？如果没有的话，创造这样的东西会不会很困难？

使用场景：我想用它来创建一个新的媒体容器。当前的媒体容器直接包含音频、视频和字幕流。 Matroska 是目前最先进的容器，具有附件和菜单等补充功能。然而，菜单功能尚未实现并且非常有限。我想要创造的是更高一个层次。我想创建一个类似于 OOXML 的文件。此外，所有菜单都应该使用 HTML5（因为现在标签允许使用任何类型的编解码器）和 CSS 等 Web 技术来完成。就像你在 DVD 上有全息图来证明真实性一样，我想创建一个可签名的文件

研究笔记：在问这个问题之前，我偶然发现了这个：数字签名的最佳方式是什么使用 .Net 下载的 zip 文件

虽然分离签名对于此存档中包含的各个文件来说是可行的，但对于存档文件来说，这并不是一个优雅的解决方案。对最终用户不友好。最终用户应该能够双击文件以在 VLC 等媒体播放器中打开它，并看到一条消息表明该文件是合法的（就像您在浏览器中看到的那样，如果页面是通过 HTTPS 使用 SSL 传输的）或不）

编辑：澄清第 5 点

编辑 2：添加注释以澄清第 1 点和第 2 点

编辑 3：添加使用场景

编辑 4：添加研究笔记部分

P.S.：这是我在 StackOverflow 上的第一个问题

原文

Is there any archive format that offers the following:

be digitally sign-able with a digital certificate from a trusted source like Verisign - for preventing changes to the file (I am not referring to read only, but in case the file was changed it should no longer be signed telling the user this is not the original file)
be stream-able - be able to be opened even if not all of the content has been transferred (also not strictly linearly)
be "readable" - be able to read the data without extracting to a temporary folder (AFAIK if you open a file in a zip archive it is extracted first, and this stays true even for zip based formats like OOXML. This is not what I want)
be portable - support on at least Windows, Linux and Mac OS X is a must, or at least future support
be free of patents - Be open source - also preferably a license that allows commercial use(as far as i know GPL a share-alike license so it doesn't allow commercial use, BSD on the other hand allows it)

Note: Though it may come in handy eventually I can not think right now of a scenario that would require both point 1 and point 2 simultaneously. Or lets leave it a be able to check the signature only when the whole file was downloaded.

I am not interested in:

being able to be compressed
being supported on legacy systems

Does any existing archive format fit this description (tar evolutions like DAR and pax come to mind) ?
If there is, are there programing libraries available for the above mentioned OSs?
If not, would it be hard to create such a thing?

Usage scenario:
I want to use this to create a new media container.
Current media containers contain the audio, video and subtitle streams directly.
Matroska, currently the most advanced container, has supplementary features like attachments and menus.
The menu functionality however is not implemented and very limited.
What I want to create is one level higher.
I want to create a file similar in a way to OOXML.
Also all of the menuing should be done in web technologies like HTML5 (as it is now the tag allows for any kind of codec to be used) and CSS.
Also just like you have holograms on dvds to prove the authenticity I want to create a sign-able file

Research notes:
Before asking this question I stumbled uppon this:
Whats the best way digitally sign a zip file for download using .Net

While detached signing would be feasable for the individual files contained in this archive it is not an ellegant solution for the archive file. Not end user friendly.End users should be able to doubleclick the file to open it in a media player like VLC, and see a message that the file is legit (just like you see in a browser if the page is transmitted with SSL through HTTPS or not)

EDIT: clarified point 5

EDIT 2: added a note to clarify point 1 and 2

EDIT 3: added usage scenario

EDIT 4: added research notes section

P.S.: This is my first question on StackOverflow

分享到QQ

分享到微博