Since XML signatures and XMLDsig in particular are difficult [1] and littered with pitfalls I was wondering if maybe the XML output of Boost::Serialization is stable enough to do a plain byte-oriented PKCSwhatever signature?

To summarize:

- C++ objects are serialized to XML with Boost::Serialization (XML is used since date has to be as human readable as possible).

- Serialized XML has to be digitally signed.

- XMLDsig is complicated [1]

Question:

Does Boost::Serialization with the XML backend produce bytewise the same data every time?

I sincerely hope that I made myself clear.

Andreas