I just committed support for cryptographic signatures in the File Daemon. The signatures are stored using the ASN.1 syntax I previously outlined. The code supports multiple signers, but the configuration file only supports the specification of a single signing key. You can, however, specify multiple trusted public keys, and any signatures made with those keys will be accepted.