Peter TB Brett

[Mozilla NSS SignTool](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools/signtool) is a good example of a very standard approach to storing signatures in a `.zip`/`.jar` file (i.e. `META-INF` subdirectory containing signatures). It's used for signing Firefox extensions....

Content signing in OpenDocument containers (which are ZIP archives) is implemented by storing signatures in the `META-INF` subdirectory.

> Android actually supports whole-file signed zips in addition to the META-INF approach - it does exactly the same thing we do here - inserting the signature in the terminal...

Signed Linux kernel modules use an appended X.509 signature which seems to include all the information we care about. Might be possible to reuse that format.

@livecodefraser Per comments by @runrevmark, we need to keep revvideograbber around for use on Windows with the QuickTime parts expunged. @livecode-vulcan review not ok 2ce9b0d

@livecodeali Are these changes still needed?

@livecodeali Okay, I'll add this to the product backlog.

The audioclip & videoclip messages are addressed by #4137.

@runrevmark Did you intentionally include the hash functions refactor in this PR?

Review status: 0 of 1 files reviewed at latest revision, 6 unresolved discussions. --- _[docs/specs/package-format.md, line 24 [r1]](https://reviewable.io:443/reviews/livecode/livecode/4449#-KQzheZVOEe2wYRG6wsa:-KQzheZVOEe2wYRG6wsb:b-4el6kr) ([raw file](https://github.com/livecode/livecode/blob/5398e8e88f0d0ddccbc34e234fb462480ec799e9/docs/specs/package-format.md#L24)):_ > ``` Markdown > signing tool such as jarsigner. >...