stephane at sente.ch
Sun Jun 12 13:03:52 CEST 2005
Has the following subject already been discussed on gnupg/OpenPGP/PGP

What about embedding document PGP signatures inside document
meta-data, when file system supports it?

When user signs a document, she usually creates a detached signature
for it, and needs to take care of taking both file and its signature
file when moving file or re-distributing it. It could be nicer for
the user to have the signature part of the file, without modifying
the file's content, this way redistribution would be easier. When
file is copied and meta data would be lost, then user could re-detach
signature and transmit it separately, and on the other side, user
could re-assemble signature and file (this could be done quite
transparently by user-level apps: a mail user agent, a web browser,
the file system browser, etc.).

On some filesystems you can add arbitrary meta data to files; e.g. on
BSD there is a function setxattr() to set it. Why not add new options
to gpg to support that kind of operations?

'gpg --embed-sign' would embed the signature into file's meta-data

'gpg --embedded-sig --verify' would verify the embedded signature of

'gpg --extract-sig' would extract the embedded signature of a file
and make it a detached one

'gpg --embed-sig' would embed a detached signature into a file

That's an informal request for comments.
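
The embed / extract / verify flow proposed above, as an added example that is not part of the original post and not GnuPG code. It assumes Python's Linux-only os.setxattr()/os.getxattr(), a hypothetical attribute name (user.openpgp.signature), and a fallback to a sidecar .sig file where extended attributes are unavailable; verification uses the existing `gpg --verify SIGFILE FILE` form rather than the proposed options.

```python
import errno
import os
import subprocess
import tempfile

# Hypothetical attribute name (the post does not propose one). On Linux,
# unprivileged attributes must live in the "user." namespace.
XATTR_NAME = "user.openpgp.signature"
# Errors that mean "this file system or sandbox cannot store the attribute".
UNSUPPORTED = (errno.ENOTSUP, errno.EPERM, errno.EACCES, errno.ENOSYS)

def embed_sig(path, sig):
    """Attach detached-signature bytes to path without touching its content.
    Returns "xattr", or "sidecar" when metadata storage is unavailable."""
    if hasattr(os, "setxattr"):
        try:
            os.setxattr(path, XATTR_NAME, sig)
            return "xattr"
        except OSError as exc:
            if exc.errno not in UNSUPPORTED:
                raise
    with open(path + ".sig", "wb") as fh:  # classic detached signature
        fh.write(sig)
    return "sidecar"

def extract_sig(path):
    """Return the embedded signature, else the sidecar one, else None."""
    if hasattr(os, "getxattr"):
        try:
            return os.getxattr(path, XATTR_NAME)
        except OSError:
            pass  # attribute missing or xattrs unsupported: try the sidecar
    try:
        with open(path + ".sig", "rb") as fh:
            return fh.read()
    except FileNotFoundError:
        return None

def verify(path):
    """Re-detach the signature to a temporary file and let gpg check it."""
    sig = extract_sig(path)
    if sig is None:
        return False  # metadata was lost in transit, nothing to verify
    with tempfile.NamedTemporaryFile(suffix=".sig") as tmp:
        tmp.write(sig)
        tmp.flush()
        result = subprocess.run(["gpg", "--verify", tmp.name, path])
        return result.returncode == 0
```

A content-only copy (for example shutil.copyfile) drops the attribute, so extract_sig() returns None on the copy: that is the case where the post suggests re-detaching the signature and sending it separately.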