Embedding signatures
David Shaw
dshaw at jabberwocky.com
Sun Jun 12 16:35:00 CEST 2005
On Sun, Jun 12, 2005 at 01:03:52PM +0200, Stéphane Corthésy wrote:
> On some filesystems you can add arbitrary meta data to files;
> e.g. on BSD there is a function setxattr() to set it. Why not add
> new options to gpg to support that kind of operations?
>
> 'gpg --embed-sign' would embed the signature into file's meta-data
> 'gpg --embedded-sig --verify' would verify the embedded signature of
> a file
> 'gpg --extract-sig' would extract the embedded signature of a file
> and make it a detached one
This is a very interesting idea, but you don't really need support in
GnuPG for it. You can do it purely with the regular attribute tools.
The "attr" program exists on both IRIX and Linux. I don't know about
BSD, but it should be trivial to port since it's mainly a wrapper
around getxattr and setxattr.
Embed a signature:
cat thefile | gpg --detach-sign | attr -q -s sign thefile
Verify an embedded signature:
attr -q -g sign thefile | gpg --verify - thefile
Extract an embedded signature:
attr -q -g sign thefile > thefile.sig
David
More information about the Gnupg-devel
mailing list