Embedding signatures

Stéphane Corthésy stephane at sente.ch
Sun Jun 12 13:03:52 CEST 2005


Has the following subject already been discussed on gnupg/OpenPGP/PGP  

What about embedding document PGP signatures inside document meta- 
data, when file system supports it?

When user signs a document, she usually creates a detached signature  
for it, and needs to take care of taking both file and its signature  
file when moving file or re-distributing it. It could be nicer for  
the user to have the signature part of the file, without modifying  
the file's content, this way redistribution would be easier. When  
file is copied and meta data would be lost, then user could re-detach  
signature and transmit it separately, and on the other side, user  
could re-assemble signature and file (this could be done quite  
transparently by user-level apps: a mail user agent, a web browser,  
the file system browser, etc.).

On some filesystems you can add arbitrary meta data to files; e.g. on  
BSD there is a function setxattr() to set it. Why not add new options  
to gpg to support that kind of operations?

'gpg --embed-sign' would embed the signature into file's meta-data
'gpg --embedded-sig --verify' would verify the embedded signature of  
a file
'gpg --extract-sig' would extract the embedded signature of a file  
and make it a detached one
'gpg --embed-sig' would embed a detached signature into a file

That's an informal request for comments.


More information about the Gnupg-devel mailing list