Anthony E. Greene
Fri Sep 7 15:26:02 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 7 Sep 2001, Guy Van Sanden wrote:
>Is it possible to sign files embedded?
>e.g. sign a pdf document (signature in the pdf file), and distribute it
>to people with and without pgp, so that they both can read it.
>If the document ever popped up somewhere, it would have to be
That's what clearsigning is for.
If you want to sign file that's not plain text and leave the file
unchanged, then you will need to use a detached sig. But you cannot embed
the detached sig into the file, because that changes the file and
invalidates the sig.
My recommendation is that the signer make a detached sig and archive it
along with the document. A copy of the sig would be posted on a web server
that's accessible to anyone who might need to verify the document and the
sig's URL would be included in the document.
Here's an example:
Anthony E. Greene <email@example.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <firstname.lastname@example.org> 0x6C94329D
-----END PGP SIGNATURE-----