You don’t need to zip them: you can simply combine the individual entries in one file, and all will be checked one by one.
% gpg -b -u $ID1 -o prova.c.sig1 prova.c % gpg -b -u $ID2 -o prova.c.sig2 prova.c % cat prova.c.sig1 prova.c.sig2 >prova.c.sig % gpg prova.c.sig gpg: Signature made Mar 1 Set 18:16:09 2009 CEST using RSA key ID $ID1 gpg: Good signature from "Lapo Luchini < lapo@lapo.it >" gpg: Signature made Mar 1 Set 18:16:25 2009 CEST using RSA key ID $ID2 gpg: Good signature from "Lapo Luchini < lapo@lapo.it >"
I confirmed that this also works with hard files protected by ASCII, in this case the size of the output file is not optimal, since the header is repeated for each signature, and it would be better to first concatenate the binary signatures and their ASCII-armor all this.
I don’t know the OpenPGP format to be sure, but I think you can probably also have software that, given the file and individual individual signatures, makes one attached signature with signature packages extracted from all of them, although this will require more time to implement (if at all possible: perhaps there are different packages for attached and filtered signatures, and the other cannot be converted to another, but I would put that the package is only one type).
lapo
source share