Embedded signatures

Anthony E. Greene agreene@pobox.com
Fri Sep 7 15:26:02 2001

Hash: SHA1

On Fri, 7 Sep 2001, Guy Van Sanden wrote:

>Is it possible to sign files embedded?
>e.g. sign a pdf document (signature in the pdf file), and distribute it
>to people with and without pgp, so that they both can read it.
>If the document ever popped up somewhere, it would have to be
That's what clearsigning is for. If you want to sign file that's not plain text and leave the file unchanged, then you will need to use a detached sig. But you cannot embed the detached sig into the file, because that changes the file and invalidates the sig. My recommendation is that the signer make a detached sig and archive it along with the document. A copy of the sig would be posted on a web server that's accessible to anyone who might need to verify the document and the sig's URL would be included in the document. Here's an example: http://www.pobox.com/~agreene/example.pdf Tony - -- Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/> PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D Chat: AOL/Yahoo: TonyG05 Linux. The choice of a GNU Generation. <http://www.linux.org/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94329D iD8DBQE7mMphpCpg3WyUI50RAp3oAKDJ3D4UuuqwB1lD5DU/Wj4qZBD7vwCg9l4M ZKS0wbFv79GTe6jMfX/abUE= =FBOs -----END PGP SIGNATURE-----