Fix AddFile to verify actual bytes read matches declared size

Return an error if totalRead != size after reading the file,
preventing silent data corruption from truncated or oversized reads.

Closes #25

.gitignore

@@ -1,4 +1,4 @@
-/mfer.cmd
+/bin/
 /tmp
 *.tmp
 *.dockerimage

CLAUDE.md

@@ -1,20 +1,20 @@
 # Important Rules
 
-* when fixing a bug, write a failing test FIRST.  only after the test fails, write
+- when fixing a bug, write a failing test FIRST. only after the test fails, write
   the code to fix the bug. then ensure the test passes. leave the test in
   place and commit it with the bugfix. don't run shell commands to test
   bugfixes or reproduce bugs. write tests!
 
-* never, ever mention claude or anthropic in commit messages.  do not use attribution
+- never, ever mention claude or anthropic in commit messages. do not use attribution
 
-* after each change, run "make fmt".
+- after each change, run "make fmt".
 
-* after each change, run "make test" and ensure all tests pass.
+- after each change, run "make test" and ensure all tests pass.
 
-* after each change, run "make lint" and ensure no linting errors.  fix any
+- after each change, run "make lint" and ensure no linting errors. fix any
   you find, one by one.
 
-* after each change, commit the files you've changed.  push after
+- after each change, commit the files you've changed. push after
   committing.
 
-* NEVER use `git add -A`.  always add only individual files that you've changed.
+- NEVER use `git add -A`. always add only individual files that you've changed.

Makefile

@@ -17,14 +17,14 @@ GOFLAGS := -ldflags "$(GOLDFLAGS)"
 
 default: fmt test
 
-run: ./mfer.cmd
+run: ./bin/mfer
 	./$<
 	./$< gen
 
 ci: test
 
 test: $(SOURCEFILES) mfer/mf.pb.go
-	go test -v --timeout 3s ./...
+	go test -v --timeout 10s ./...
 
 $(PROTOC_GEN_GO):
 	test -e $(PROTOC_GEN_GO) || go install -v google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.1
@@ -38,12 +38,12 @@ devprereqs:
 mfer/mf.pb.go: mfer/mf.proto
 	cd mfer && go generate .
 
-mfer.cmd: $(SOURCEFILES) mfer/mf.pb.go
+bin/mfer: $(SOURCEFILES) mfer/mf.pb.go
 	protoc --version
-	cd cmd/mfer && go build -tags urfave_cli_no_docs -o ../../mfer.cmd $(GOFLAGS) .
+	cd cmd/mfer && go build -tags urfave_cli_no_docs -o ../../bin/mfer $(GOFLAGS) .
 
 clean:
-	rm -rfv mfer/*.pb.go mfer.cmd cmd/mfer/mfer *.dockerimage
+	rm -rfv mfer/*.pb.go bin/mfer cmd/mfer/mfer *.dockerimage
 
 fmt: mfer/mf.pb.go
 	gofumpt -l -w mfer internal cmd

README.md

@@ -52,188 +52,6 @@ Reading file contents and computing cryptographic hashes for manifest generation
 - **NO_COLOR:** Respect the `NO_COLOR` environment variable for disabling colored output.
 - **Options pattern:** Use `NewWithOptions(opts *Options)` constructor pattern for configurable types.
 
-# Codebase Structure
-
-## cmd/mfer/
-
-### main.go
-- **Variables**
-  - `Appname string` - Application name
-  - `Version string` - Version string (set at build time)
-  - `Gitrev string` - Git revision (set at build time)
-
-## internal/cli/
-
-### entry.go
-- **Variables**
-  - `NO_COLOR bool` - Disables color output when NO_COLOR env var is set
-- **Functions**
-  - `Run(Appname, Version, Gitrev string) int` - Main entry point for the CLI
-
-### mfer.go
-- **Types**
-  - `CLIApp struct` - Main CLI application container
-- **Methods**
-  - `(*CLIApp) VersionString() string` - Returns formatted version string
-
-## internal/log/
-
-### log.go
-- **Functions**
-  - `Init()` - Initializes the logger
-  - `Info(arg string)` - Logs at info level
-  - `Infof(format string, args ...interface{})` - Logs at info level with formatting
-  - `Debug(arg string)` - Logs at debug level with caller info
-  - `Debugf(format string, args ...interface{})` - Logs at debug level with formatting and caller info
-  - `Dump(args ...interface{})` - Logs spew dump at debug level
-  - `Progressf(format string, args ...interface{})` - Prints progress message (overwrites current line)
-  - `ProgressDone()` - Completes progress line with newline
-  - `EnableDebugLogging()` - Sets log level to debug
-  - `SetLevel(arg log.Level)` - Sets log level
-  - `SetLevelFromVerbosity(l int)` - Sets log level from verbosity count
-  - `GetLevel() log.Level` - Returns current log level
-  - `GetLogger() *log.Logger` - Returns underlying logger
-  - `WithError(e error) *log.Entry` - Returns log entry with error attached
-  - `DisableStyling()` - Disables colors and styling (for NO_COLOR)
-
-## internal/scanner/
-
-### scanner.go
-- **Types**
-  - `Options struct` - Options for scanner behavior
-    - `IncludeDotfiles bool` - Include dot (hidden) files (excluded by default)
-    - `FollowSymLinks bool`
-  - `EnumerateStatus struct` - Progress information for enumeration phase
-    - `FilesFound int64`
-    - `BytesFound int64`
-  - `ScanStatus struct` - Progress information for scan phase
-    - `TotalFiles int64`
-    - `ScannedFiles int64`
-    - `TotalBytes int64`
-    - `ScannedBytes int64`
-    - `BytesPerSec float64`
-    - `ETA time.Duration`
-  - `FileEntry struct` - Represents an enumerated file
-    - `Path string` - Relative path (used in manifest)
-    - `AbsPath string` - Absolute path (used for reading file content)
-    - `Size int64`
-    - `Mtime time.Time`
-    - `Ctime time.Time`
-  - `Scanner struct` - Accumulates files and generates manifests
-- **Functions**
-  - `New() *Scanner` - Creates a new Scanner with default options
-  - `NewWithOptions(opts *Options) *Scanner` - Creates a new Scanner with given options
-- **Methods (Enumeration Phase)**
-  - `(*Scanner) EnumerateFile(path string) error` - Enumerates a single file, calling stat() for metadata
-  - `(*Scanner) EnumeratePath(inputPath string, progress chan<- EnumerateStatus) error` - Walks a directory and enumerates all files
-  - `(*Scanner) EnumeratePaths(progress chan<- EnumerateStatus, inputPaths ...string) error` - Walks multiple directories
-  - `(*Scanner) EnumerateFS(afs afero.Fs, basePath string, progress chan<- EnumerateStatus) error` - Walks an afero filesystem
-- **Methods (Accessors)**
-  - `(*Scanner) Files() []*FileEntry` - Returns copy of all enumerated files
-  - `(*Scanner) FileCount() int64` - Returns number of files
-  - `(*Scanner) TotalBytes() int64` - Returns total size of all files
-- **Methods (Scan Phase)**
-  - `(*Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- ScanStatus) error` - Reads file contents, computes hashes, generates manifest
-
-## internal/checker/
-
-### checker.go
-- **Types**
-  - `Result struct` - Outcome of checking a single file
-    - `Path string` - File path from manifest
-    - `Status Status` - Verification status
-    - `Message string` - Error or status message
-  - `Status int` - Verification status enumeration
-    - `StatusOK` - File matches manifest
-    - `StatusMissing` - File not found
-    - `StatusSizeMismatch` - File size differs from manifest
-    - `StatusHashMismatch` - File hash differs from manifest
-    - `StatusError` - Error occurred during verification
-  - `CheckStatus struct` - Progress information for check operation
-    - `TotalFiles int64`
-    - `CheckedFiles int64`
-    - `TotalBytes int64`
-    - `CheckedBytes int64`
-    - `BytesPerSec float64`
-    - `ETA time.Duration`
-    - `Failures int64`
-  - `Checker struct` - Verifies files against a manifest
-- **Functions**
-  - `NewChecker(manifestPath string, basePath string) (*Checker, error)` - Creates a new Checker for the given manifest and base path
-- **Methods**
-  - `(s Status) String() string` - Returns string representation of status
-  - `(*Checker) FileCount() int64` - Returns number of files in the manifest
-  - `(*Checker) TotalBytes() int64` - Returns total size of all files in manifest
-  - `(*Checker) Check(ctx context.Context, results chan<- Result, progress chan<- CheckStatus) error` - Verifies all files against the manifest
-
-## mfer/
-
-### manifest.go
-- **Types**
-  - `manifest struct` - Internal representation of a manifest file
-- **Methods**
-  - `(*manifest) Files() []*MFFilePath` - Returns all file entries from a loaded manifest
-
-### builder.go
-- **Types**
-  - `FileHashProgress struct` - Progress info during file hashing (BytesRead int64)
-  - `Builder struct` - Constructs manifests by adding files one at a time
-- **Functions**
-  - `NewBuilder() *Builder` - Creates a new Builder
-- **Methods**
-  - `(*Builder) AddFile(path string, size int64, mtime time.Time, reader io.Reader, progress chan<- FileHashProgress) (int64, error)` - Reads file, computes hash, adds to manifest
-  - `(*Builder) AddFileWithHash(path string, size int64, mtime time.Time, hash []byte)` - Adds file with pre-computed hash
-  - `(*Builder) FileCount() int` - Returns number of files added
-  - `(*Builder) Build(w io.Writer) error` - Finalizes and writes manifest
-
-### serialize.go
-- **Constants**
-  - `MAGIC string` - Magic bytes prefix for manifest files ("ZNAVSRFG")
-
-### deserialize.go
-- **Functions**
-  - `NewManifestFromReader(input io.Reader) (*manifest, error)` - Reads and parses manifest from io.Reader
-  - `NewManifestFromFile(fs afero.Fs, path string) (*manifest, error)` - Reads and parses manifest from file path
-
-### mf.pb.go (generated from mf.proto)
-- **Enum Types**
-  - `MFFileOuter_Version` - Outer file format version
-    - `MFFileOuter_VERSION_NONE`
-    - `MFFileOuter_VERSION_ONE`
-  - `MFFileOuter_CompressionType` - Compression type for inner message
-    - `MFFileOuter_COMPRESSION_NONE`
-    - `MFFileOuter_COMPRESSION_ZSTD`
-  - `MFFile_Version` - Inner file format version
-    - `MFFile_VERSION_NONE`
-    - `MFFile_VERSION_ONE`
-- **Message Types**
-  - `Timestamp struct` - Timestamp with seconds and nanoseconds
-    - `GetSeconds() int64`
-    - `GetNanos() int32`
-  - `MFFileOuter struct` - Outer wrapper containing compressed/signed inner message
-    - `GetVersion() MFFileOuter_Version`
-    - `GetCompressionType() MFFileOuter_CompressionType`
-    - `GetSize() int64`
-    - `GetSha256() []byte`
-    - `GetInnerMessage() []byte`
-    - `GetSignature() []byte`
-    - `GetSigner() []byte`
-    - `GetSigningPubKey() []byte`
-  - `MFFilePath struct` - Individual file entry in manifest
-    - `GetPath() string`
-    - `GetSize() int64`
-    - `GetHashes() []*MFFileChecksum`
-    - `GetMimeType() string`
-    - `GetMtime() *Timestamp`
-    - `GetCtime() *Timestamp`
-    - `GetAtime() *Timestamp`
-  - `MFFileChecksum struct` - File checksum using multihash
-    - `GetMultiHash() []byte`
-  - `MFFile struct` - Inner manifest containing file list
-    - `GetVersion() MFFile_Version`
-    - `GetFiles() []*MFFilePath`
-    - `GetCreatedAt() *Timestamp`
-
 # Build Status
 
 [![Build Status](https://drone.datavi.be/api/badges/sneak/mfer/status.svg)](https://drone.datavi.be/sneak/mfer)
@@ -253,7 +71,6 @@ requests](https://git.eeqj.de/sneak/mfer/pulls) and pass CI to be merged.
 Any changes submitted to this project must also be
 [WTFPL-licensed](https://wtfpl.net) to be considered.
 
-
 # Problem Statement
 
 Given a plain URL, there is no standard way to safely and programmatically
@@ -424,13 +241,13 @@ desired username for an account on this Gitea instance.
 
 ## Links
 
-* Repo: [https://git.eeqj.de/sneak/mfer](https://git.eeqj.de/sneak/mfer)
-* Issues: [https://git.eeqj.de/sneak/mfer/issues](https://git.eeqj.de/sneak/mfer/issues)
+- Repo: [https://git.eeqj.de/sneak/mfer](https://git.eeqj.de/sneak/mfer)
+- Issues: [https://git.eeqj.de/sneak/mfer/issues](https://git.eeqj.de/sneak/mfer/issues)
 
 # Authors
 
-* [@sneak &lt;sneak@sneak.berlin&gt;](mailto:sneak@sneak.berlin)
+- [@sneak &lt;sneak@sneak.berlin&gt;](mailto:sneak@sneak.berlin)
 
 # License
 
-* [WTFPL](https://wtfpl.net)
+- [WTFPL](https://wtfpl.net)

TODO.md

@@ -0,0 +1,122 @@
+# TODO: mfer 1.0
+
+## Design Questions
+
+*sneak: please answer inline below each question. These are preserved for posterity.*
+
+### Format Design
+
+**1. Should `MFFileChecksum` be simplified?**
+Currently it's a separate message wrapping a single `bytes multiHash` field. Since multihash already self-describes the algorithm, `repeated bytes hashes` directly on `MFFilePath` would be simpler and reduce per-file protobuf overhead. Is the extra message layer intentional (e.g. planning to add per-hash metadata like `verified_at`)?
+
+> *answer:*
+
+**2. Should file permissions/mode be stored?**
+The format stores mtime/ctime but not Unix file permissions. For archival use (ExFAT, filesystem-independent checksums) this may not matter, but for software distribution or filesystem restoration it's a gap. Should we reserve a field now (e.g. `optional uint32 mode = 305`) even if we don't populate it yet?
+
+> *answer:*
+
+**3. Should `atime` be removed from the schema?**
+Access time is volatile, non-deterministic, and often disabled (`noatime`). Including it means two manifests of the same directory at different times will differ, which conflicts with the determinism goal. Remove it, or document it as "never set by default"?
+
+> *answer:*
+
+**4. What are the path normalization rules?**
+The proto has `string path` with no specification about: always forward-slash? Must be relative? No `..` components allowed? UTF-8 NFC vs NFD normalization (macOS vs Linux)? Max path length? This is a security issue (path traversal) and a cross-platform compatibility issue. What rules should the spec mandate?
+
+> *answer:*
+
+**5. Should we add a version byte after the magic?**
+Currently `ZNAVSRFG` is followed immediately by protobuf. Adding a version byte (`ZNAVSRFG\x01`) would allow future framing changes without requiring protobuf parsing to detect the version. `MFFileOuter.Version` serves this purpose but requires successful deserialization to read. Worth the extra byte?
+
+> *answer:*
+
+**6. Should we add a length-prefix after the magic?**
+Protobuf is not self-delimiting. If we ever want to concatenate manifests or append data after the protobuf, the current framing is insufficient. Add a varint or fixed-width length-prefix?
+
+> *answer:*
+
+### Signature Design
+
+**7. What does the outer SHA-256 hash cover — compressed or uncompressed data?**
+The review notes it currently hashes compressed data (good for verifying before decompression), but this should be explicitly documented. Which is the intended behavior?
+
+> *answer:*
+
+**8. Should `signatureString()` sign raw bytes instead of a hex-encoded string?**
+Currently the canonical string is `MAGIC-UUID-MULTIHASH` with hex encoding, which adds a transformation layer. Signing the raw `sha256` bytes (or compressed `innerMessage` directly) would be simpler. Keep the string format or switch to raw bytes?
+
+> *answer:*
+
+**9. Should we support detached signature files (`.mf.sig`)?**
+Embedded signatures are better for single-file distribution. Detached `.mf.sig` files follow the familiar `SHASUMS`/`SHASUMS.asc` pattern and are simpler for HTTP serving. Support both modes?
+
+> *answer:*
+
+**10. GPG vs pure-Go crypto for signatures?**
+Shelling out to `gpg` is fragile (may not be installed, version-dependent output). `github.com/ProtonMail/go-crypto` provides pure-Go OpenPGP, or we could go Ed25519/signify (simpler, no key management). Which direction?
+
+> *answer:*
+
+### Implementation Design
+
+**11. Should manifests be deterministic by default?**
+This means: sort file entries by path, omit `createdAt` timestamp (or make it opt-in), no `atime`. Should determinism be the default, with a `--include-timestamps` flag to opt in?
+
+> *answer:*
+
+**12. Should we consolidate or keep both scanner/checker implementations?**
+There are two parallel implementations: `mfer/scanner.go` + `mfer/checker.go` (typed with `FileSize`, `RelFilePath`) and `internal/scanner/` + `internal/checker/` (raw `int64`, `string`). The `mfer/` versions are superior. Delete the `internal/` versions?
+
+> *answer:*
+
+**13. Should the `manifest` type be exported?**
+Currently unexported with exported constructors (`New`, `NewFromPaths`, etc.). Consumers can't declare `var m *mfer.manifest`. Export the type, or define an interface?
+
+> *answer:*
+
+**14. What should the Go module path be for 1.0?**
+Currently mixed between `sneak.berlin/go/mfer` and `git.eeqj.de/sneak/mfer`. Which is canonical?
+
+> *answer:*
+
+---
+
+## Implementation Plan
+
+### Phase 1: Foundation (format correctness)
+
+- [ ] Delete `internal/scanner/` and `internal/checker/` — consolidate on `mfer/` package versions; update CLI code
+- [ ] Add deterministic file ordering — sort entries by path (lexicographic, byte-order) in `Builder.Build()`; add test asserting byte-identical output from two runs
+- [ ] Add decompression size limit — `io.LimitReader` in `deserializeInner()` with `m.pbOuter.Size` as bound
+- [ ] Fix `errors.Is` dead code in checker — replace with `os.IsNotExist(err)` or `errors.Is(err, fs.ErrNotExist)`
+- [ ] Fix `AddFile` to verify size — check `totalRead == size` after reading, return error on mismatch
+- [ ] Specify path invariants — add proto comments (UTF-8, forward-slash, relative, no `..`, no leading `/`); validate in `Builder.AddFile` and `Builder.AddFileWithHash`
+
+### Phase 2: CLI polish
+
+- [ ] Fix flag naming — all CLI flags use kebab-case as primary (`--include-dotfiles`, `--follow-symlinks`)
+- [ ] Fix URL construction in fetch — use `BaseURL.JoinPath()` or `url.JoinPath()` instead of string concatenation
+- [ ] Add progress rate-limiting to Checker — throttle to once per second, matching Scanner
+- [ ] Add `--deterministic` flag (or make it default) — omit `createdAt`, sort files
+
+### Phase 3: Robustness
+
+- [ ] Replace GPG subprocess with pure-Go crypto — `github.com/ProtonMail/go-crypto` or Ed25519/signify
+- [ ] Add timeout to any remaining subprocess calls
+- [ ] Add fuzzing tests for `NewManifestFromReader`
+- [ ] Add retry logic to fetch — exponential backoff for transient HTTP errors
+
+### Phase 4: Format finalization
+
+- [ ] Remove or deprecate `atime` from proto (pending design question answer)
+- [ ] Reserve `optional uint32 mode = 305` in `MFFilePath` for future file permissions
+- [ ] Add version byte after magic — `ZNAVSRFG\x01` for format version 1
+- [ ] Write format specification document — separate from README: magic, outer structure, compression, inner structure, path invariants, signature scheme, canonical serialization
+
+### Phase 5: Release prep
+
+- [ ] Finalize Go module path
+- [ ] Audit all error messages for consistency and helpfulness
+- [ ] Add `--version` output matching SemVer
+- [ ] Tag v1.0.0

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/apex/log v1.9.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dustin/go-humanize v1.0.1
+	github.com/google/uuid v1.1.2
 	github.com/klauspost/compress v1.18.2
 	github.com/multiformats/go-multihash v0.2.3
 	github.com/pterm/pterm v0.12.35

go.sum

@@ -135,6 +135,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=

internal/checker/checker.go

@@ -0,0 +1,281 @@
+package checker
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha256"
+	"errors"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/multiformats/go-multihash"
+	"github.com/spf13/afero"
+	"sneak.berlin/go/mfer/mfer"
+)
+
+// Result represents the outcome of checking a single file.
+type Result struct {
+	Path    string // Relative path from manifest
+	Status  Status // Verification result status
+	Message string // Human-readable description of the result
+}
+
+// Status represents the verification status of a file.
+type Status int
+
+const (
+	StatusOK           Status = iota // File matches manifest (size and hash verified)
+	StatusMissing                    // File not found on disk
+	StatusSizeMismatch               // File size differs from manifest
+	StatusHashMismatch               // File hash differs from manifest
+	StatusExtra                      // File exists on disk but not in manifest
+	StatusError                      // Error occurred during verification
+)
+
+func (s Status) String() string {
+	switch s {
+	case StatusOK:
+		return "OK"
+	case StatusMissing:
+		return "MISSING"
+	case StatusSizeMismatch:
+		return "SIZE_MISMATCH"
+	case StatusHashMismatch:
+		return "HASH_MISMATCH"
+	case StatusExtra:
+		return "EXTRA"
+	case StatusError:
+		return "ERROR"
+	default:
+		return "UNKNOWN"
+	}
+}
+
+// CheckStatus contains progress information for the check operation.
+type CheckStatus struct {
+	TotalFiles   int64   // Total number of files in manifest
+	CheckedFiles int64   // Number of files checked so far
+	TotalBytes   int64   // Total bytes to verify (sum of all file sizes)
+	CheckedBytes int64   // Bytes verified so far
+	BytesPerSec  float64 // Current throughput rate
+	Failures     int64   // Number of verification failures encountered
+}
+
+// Checker verifies files against a manifest.
+type Checker struct {
+	basePath string
+	files    []*mfer.MFFilePath
+	fs       afero.Fs
+	// manifestPaths is a set of paths in the manifest for quick lookup
+	manifestPaths map[string]struct{}
+}
+
+// NewChecker creates a new Checker for the given manifest, base path, and filesystem.
+// The basePath is the directory relative to which manifest paths are resolved.
+// If fs is nil, the real filesystem (OsFs) is used.
+func NewChecker(manifestPath string, basePath string, fs afero.Fs) (*Checker, error) {
+	if fs == nil {
+		fs = afero.NewOsFs()
+	}
+
+	m, err := mfer.NewManifestFromFile(fs, manifestPath)
+	if err != nil {
+		return nil, err
+	}
+
+	abs, err := filepath.Abs(basePath)
+	if err != nil {
+		return nil, err
+	}
+
+	files := m.Files()
+	manifestPaths := make(map[string]struct{}, len(files))
+	for _, f := range files {
+		manifestPaths[f.Path] = struct{}{}
+	}
+
+	return &Checker{
+		basePath:      abs,
+		files:         files,
+		fs:            fs,
+		manifestPaths: manifestPaths,
+	}, nil
+}
+
+// FileCount returns the number of files in the manifest.
+func (c *Checker) FileCount() int64 {
+	return int64(len(c.files))
+}
+
+// TotalBytes returns the total size of all files in the manifest.
+func (c *Checker) TotalBytes() int64 {
+	var total int64
+	for _, f := range c.files {
+		total += f.Size
+	}
+	return total
+}
+
+// Check verifies all files against the manifest.
+// Results are sent to the results channel as files are checked.
+// Progress updates are sent to the progress channel approximately once per second.
+// Both channels are closed when the method returns.
+func (c *Checker) Check(ctx context.Context, results chan<- Result, progress chan<- CheckStatus) error {
+	if results != nil {
+		defer close(results)
+	}
+	if progress != nil {
+		defer close(progress)
+	}
+
+	totalFiles := int64(len(c.files))
+	totalBytes := c.TotalBytes()
+
+	var checkedFiles int64
+	var checkedBytes int64
+	var failures int64
+
+	for _, entry := range c.files {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		result := c.checkFile(entry, &checkedBytes)
+		if result.Status != StatusOK {
+			failures++
+		}
+		checkedFiles++
+
+		if results != nil {
+			results <- result
+		}
+
+		// Send progress (simplified - every file for now)
+		if progress != nil {
+			sendCheckStatus(progress, CheckStatus{
+				TotalFiles:   totalFiles,
+				CheckedFiles: checkedFiles,
+				TotalBytes:   totalBytes,
+				CheckedBytes: checkedBytes,
+				Failures:     failures,
+			})
+		}
+	}
+
+	return nil
+}
+
+func (c *Checker) checkFile(entry *mfer.MFFilePath, checkedBytes *int64) Result {
+	absPath := filepath.Join(c.basePath, entry.Path)
+
+	// Check if file exists
+	info, err := c.fs.Stat(absPath)
+	if err != nil {
+		if errors.Is(err, afero.ErrFileNotFound) || errors.Is(err, errors.New("file does not exist")) {
+			return Result{Path: entry.Path, Status: StatusMissing, Message: "file not found"}
+		}
+		// Check for "file does not exist" style errors
+		exists, _ := afero.Exists(c.fs, absPath)
+		if !exists {
+			return Result{Path: entry.Path, Status: StatusMissing, Message: "file not found"}
+		}
+		return Result{Path: entry.Path, Status: StatusError, Message: err.Error()}
+	}
+
+	// Check size
+	if info.Size() != entry.Size {
+		*checkedBytes += info.Size()
+		return Result{
+			Path:    entry.Path,
+			Status:  StatusSizeMismatch,
+			Message: "size mismatch",
+		}
+	}
+
+	// Open and hash file
+	f, err := c.fs.Open(absPath)
+	if err != nil {
+		return Result{Path: entry.Path, Status: StatusError, Message: err.Error()}
+	}
+	defer f.Close()
+
+	h := sha256.New()
+	n, err := io.Copy(h, f)
+	if err != nil {
+		return Result{Path: entry.Path, Status: StatusError, Message: err.Error()}
+	}
+	*checkedBytes += n
+
+	// Encode as multihash and compare
+	computed, err := multihash.Encode(h.Sum(nil), multihash.SHA2_256)
+	if err != nil {
+		return Result{Path: entry.Path, Status: StatusError, Message: err.Error()}
+	}
+
+	// Check against all hashes in manifest (at least one must match)
+	for _, hash := range entry.Hashes {
+		if bytes.Equal(computed, hash.MultiHash) {
+			return Result{Path: entry.Path, Status: StatusOK}
+		}
+	}
+
+	return Result{Path: entry.Path, Status: StatusHashMismatch, Message: "hash mismatch"}
+}
+
+// FindExtraFiles walks the filesystem and reports files not in the manifest.
+// Results are sent to the results channel. The channel is closed when done.
+func (c *Checker) FindExtraFiles(ctx context.Context, results chan<- Result) error {
+	if results != nil {
+		defer close(results)
+	}
+
+	return afero.Walk(c.fs, c.basePath, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		// Skip directories
+		if info.IsDir() {
+			return nil
+		}
+
+		// Get relative path
+		relPath, err := filepath.Rel(c.basePath, path)
+		if err != nil {
+			return err
+		}
+
+		// Check if path is in manifest
+		if _, exists := c.manifestPaths[relPath]; !exists {
+			if results != nil {
+				results <- Result{
+					Path:    relPath,
+					Status:  StatusExtra,
+					Message: "not in manifest",
+				}
+			}
+		}
+
+		return nil
+	})
+}
+
+// sendCheckStatus sends a status update without blocking.
+func sendCheckStatus(ch chan<- CheckStatus, status CheckStatus) {
+	if ch == nil {
+		return
+	}
+	select {
+	case ch <- status:
+	default:
+	}
+}

internal/cli/check.go

@@ -1,8 +1,10 @@
 package cli
 
 import (
+	"encoding/hex"
 	"fmt"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/dustin/go-humanize"
@@ -68,6 +70,35 @@ func (mfa *CLIApp) checkManifestOperation(ctx *cli.Context) error {
 		return fmt.Errorf("failed to load manifest: %w", err)
 	}
 
+	// Check signature requirement
+	requiredSigner := ctx.String("require-signature")
+	if requiredSigner != "" {
+		// Validate fingerprint format: must be exactly 40 hex characters
+		if len(requiredSigner) != 40 {
+			return fmt.Errorf("invalid fingerprint: must be exactly 40 hex characters, got %d", len(requiredSigner))
+		}
+		if _, err := hex.DecodeString(requiredSigner); err != nil {
+			return fmt.Errorf("invalid fingerprint: must be valid hex: %w", err)
+		}
+
+		if !chk.IsSigned() {
+			return fmt.Errorf("manifest is not signed, but signature from %s is required", requiredSigner)
+		}
+
+		// Extract fingerprint from the embedded public key (not from the signer field)
+		// This validates the key is importable and gets its actual fingerprint
+		embeddedFP, err := chk.ExtractEmbeddedSigningKeyFP()
+		if err != nil {
+			return fmt.Errorf("failed to extract fingerprint from embedded signing key: %w", err)
+		}
+
+		// Compare fingerprints - must be exact match (case-insensitive)
+		if !strings.EqualFold(embeddedFP, requiredSigner) {
+			return fmt.Errorf("embedded signing key fingerprint %s does not match required %s", embeddedFP, requiredSigner)
+		}
+		log.Infof("manifest signature verified (signer: %s)", embeddedFP)
+	}
+
 	log.Infof("manifest contains %d files, %s", chk.FileCount(), humanize.IBytes(uint64(chk.TotalBytes())))
 
 	// Set up results channel

internal/cli/entry_test.go

@@ -65,9 +65,9 @@ func TestGenerateCommand(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files in memory filesystem
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("test content"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("test content"), 0o644))
 
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/testdir/test.mf", "/testdir"}, fs)
 
@@ -85,9 +85,9 @@ func TestGenerateAndCheckCommand(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files with subdirectory
-	require.NoError(t, fs.MkdirAll("/testdir/subdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/file2.txt", []byte("test content"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir/subdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/file2.txt", []byte("test content"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -104,8 +104,8 @@ func TestCheckCommandWithMissingFile(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -125,8 +125,8 @@ func TestCheckCommandWithCorruptedFile(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -134,7 +134,7 @@ func TestCheckCommandWithCorruptedFile(t *testing.T) {
 	require.Equal(t, 0, exitCode, "generate failed: %s", opts.Stderr.(*bytes.Buffer).String())
 
 	// Corrupt the file (change content but keep same size)
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("HELLO WORLD"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("HELLO WORLD"), 0o644))
 
 	// Check manifest - should fail with hash mismatch
 	opts = testOpts([]string{"mfer", "check", "-q", "--base", "/testdir", "/testdir/test.mf"}, fs)
@@ -146,8 +146,8 @@ func TestCheckCommandWithSizeMismatch(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello world"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -155,7 +155,7 @@ func TestCheckCommandWithSizeMismatch(t *testing.T) {
 	require.Equal(t, 0, exitCode, "generate failed: %s", opts.Stderr.(*bytes.Buffer).String())
 
 	// Change file size
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("different size content here"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("different size content here"), 0o644))
 
 	// Check manifest - should fail with size mismatch
 	opts = testOpts([]string{"mfer", "check", "-q", "--base", "/testdir", "/testdir/test.mf"}, fs)
@@ -167,8 +167,8 @@ func TestBannerOutput(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Run without -q to see banner
 	opts := testOpts([]string{"mfer", "generate", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -193,9 +193,9 @@ func TestGenerateExcludesDotfilesByDefault(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files including dotfiles
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden", []byte("secret"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden", []byte("secret"), 0o644))
 
 	// Generate manifest without --include-dotfiles (default excludes dotfiles)
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -217,9 +217,9 @@ func TestGenerateWithIncludeDotfiles(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files including dotfiles
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden", []byte("secret"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden", []byte("secret"), 0o644))
 
 	// Generate manifest with --include-dotfiles
 	opts := testOpts([]string{"mfer", "generate", "-q", "--include-dotfiles", "-o", "/testdir/test.mf", "/testdir"}, fs)
@@ -236,10 +236,10 @@ func TestMultipleInputPaths(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files in multiple directories
-	require.NoError(t, fs.MkdirAll("/dir1", 0755))
-	require.NoError(t, fs.MkdirAll("/dir2", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/dir1/file1.txt", []byte("content1"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/dir2/file2.txt", []byte("content2"), 0644))
+	require.NoError(t, fs.MkdirAll("/dir1", 0o755))
+	require.NoError(t, fs.MkdirAll("/dir2", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/dir1/file1.txt", []byte("content1"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/dir2/file2.txt", []byte("content2"), 0o644))
 
 	// Generate manifest from multiple paths
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/output.mf", "/dir1", "/dir2"}, fs)
@@ -254,9 +254,9 @@ func TestNoExtraFilesPass(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("world"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("world"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/manifest.mf", "/testdir"}, fs)
@@ -273,8 +273,8 @@ func TestNoExtraFilesFail(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/manifest.mf", "/testdir"}, fs)
@@ -282,7 +282,7 @@ func TestNoExtraFilesFail(t *testing.T) {
 	require.Equal(t, 0, exitCode)
 
 	// Add an extra file after manifest generation
-	require.NoError(t, afero.WriteFile(fs, "/testdir/extra.txt", []byte("extra"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/extra.txt", []byte("extra"), 0o644))
 
 	// Check with --no-extra-files (should fail - extra file exists)
 	opts = testOpts([]string{"mfer", "check", "-q", "--no-extra-files", "--base", "/testdir", "/manifest.mf"}, fs)
@@ -294,9 +294,9 @@ func TestNoExtraFilesWithSubdirectory(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test files with subdirectory
-	require.NoError(t, fs.MkdirAll("/testdir/subdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/file2.txt", []byte("world"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir/subdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/file2.txt", []byte("world"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/manifest.mf", "/testdir"}, fs)
@@ -304,7 +304,7 @@ func TestNoExtraFilesWithSubdirectory(t *testing.T) {
 	require.Equal(t, 0, exitCode)
 
 	// Add extra file in subdirectory
-	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/extra.txt", []byte("extra"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/extra.txt", []byte("extra"), 0o644))
 
 	// Check with --no-extra-files (should fail)
 	opts = testOpts([]string{"mfer", "check", "-q", "--no-extra-files", "--base", "/testdir", "/manifest.mf"}, fs)
@@ -316,8 +316,8 @@ func TestCheckWithoutNoExtraFilesIgnoresExtra(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/manifest.mf", "/testdir"}, fs)
@@ -325,7 +325,7 @@ func TestCheckWithoutNoExtraFilesIgnoresExtra(t *testing.T) {
 	require.Equal(t, 0, exitCode)
 
 	// Add extra file
-	require.NoError(t, afero.WriteFile(fs, "/testdir/extra.txt", []byte("extra"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/extra.txt", []byte("extra"), 0o644))
 
 	// Check WITHOUT --no-extra-files (should pass - extra files ignored)
 	opts = testOpts([]string{"mfer", "check", "-q", "--base", "/testdir", "/manifest.mf"}, fs)
@@ -337,8 +337,8 @@ func TestGenerateAtomicWriteNoTempFileOnSuccess(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/output.mf", "/testdir"}, fs)
@@ -360,11 +360,11 @@ func TestGenerateAtomicWriteOverwriteWithForce(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Create existing manifest with different content
-	require.NoError(t, afero.WriteFile(fs, "/output.mf", []byte("old content"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/output.mf", []byte("old content"), 0o644))
 
 	// Generate manifest with --force
 	opts := testOpts([]string{"mfer", "generate", "-q", "-f", "-o", "/output.mf", "/testdir"}, fs)
@@ -386,11 +386,11 @@ func TestGenerateFailsWithoutForceWhenOutputExists(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Create existing manifest
-	require.NoError(t, afero.WriteFile(fs, "/output.mf", []byte("existing"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/output.mf", []byte("existing"), 0o644))
 
 	// Generate manifest WITHOUT --force (should fail)
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/output.mf", "/testdir"}, fs)
@@ -411,8 +411,8 @@ func TestGenerateAtomicWriteUsesTemp(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create test file
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("hello"), 0o644))
 
 	// Generate manifest
 	opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/output.mf", "/testdir"}, fs)
@@ -464,8 +464,8 @@ func TestGenerateAtomicWriteCleansUpOnError(t *testing.T) {
 	baseFs := afero.NewMemMapFs()
 
 	// Create test files - need enough content to trigger the write failure
-	require.NoError(t, baseFs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(baseFs, "/testdir/file1.txt", []byte("hello world this is a test file"), 0644))
+	require.NoError(t, baseFs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(baseFs, "/testdir/file1.txt", []byte("hello world this is a test file"), 0o644))
 
 	// Wrap with failing writer that fails after writing some bytes
 	fs := &failingWriterFs{Fs: baseFs, failAfter: 10}
@@ -489,8 +489,8 @@ func TestGenerateValidatesInputPaths(t *testing.T) {
 	fs := afero.NewMemMapFs()
 
 	// Create one valid directory
-	require.NoError(t, fs.MkdirAll("/validdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/validdir/file.txt", []byte("content"), 0644))
+	require.NoError(t, fs.MkdirAll("/validdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/validdir/file.txt", []byte("content"), 0o644))
 
 	t.Run("nonexistent path fails fast", func(t *testing.T) {
 		opts := testOpts([]string{"mfer", "generate", "-q", "-o", "/output.mf", "/nonexistent"}, fs)
@@ -527,7 +527,7 @@ func TestCheckDetectsManifestCorruption(t *testing.T) {
 
 	// Create many small files with random names to generate a ~1MB manifest
 	// Each manifest entry is roughly 50-60 bytes, so we need ~20000 files
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
 
 	numFiles := 20000
 	for i := 0; i < numFiles; i++ {
@@ -536,7 +536,7 @@ func TestCheckDetectsManifestCorruption(t *testing.T) {
 		// Small random content
 		content := make([]byte, 16+rng.Intn(48))
 		rng.Read(content)
-		require.NoError(t, afero.WriteFile(fs, filename, content, 0644))
+		require.NoError(t, afero.WriteFile(fs, filename, content, 0o644))
 	}
 
 	// Generate manifest outside of testdir
@@ -551,7 +551,7 @@ func TestCheckDetectsManifestCorruption(t *testing.T) {
 	t.Logf("manifest size: %d bytes (%d files)", len(validManifest), numFiles)
 
 	// First corruption: truncate the manifest
-	require.NoError(t, afero.WriteFile(fs, "/manifest.mf", validManifest[:len(validManifest)/2], 0644))
+	require.NoError(t, afero.WriteFile(fs, "/manifest.mf", validManifest[:len(validManifest)/2], 0o644))
 
 	// Check should fail with truncated manifest
 	opts = testOpts([]string{"mfer", "check", "-q", "--base", "/testdir", "/manifest.mf"}, fs)
@@ -559,7 +559,7 @@ func TestCheckDetectsManifestCorruption(t *testing.T) {
 	assert.Equal(t, 1, exitCode, "check should fail with truncated manifest")
 
 	// Verify check passes with valid manifest
-	require.NoError(t, afero.WriteFile(fs, "/manifest.mf", validManifest, 0644))
+	require.NoError(t, afero.WriteFile(fs, "/manifest.mf", validManifest, 0o644))
 	opts = testOpts([]string{"mfer", "check", "-q", "--base", "/testdir", "/manifest.mf"}, fs)
 	exitCode = RunWithOptions(opts)
 	require.Equal(t, 0, exitCode, "check should pass with valid manifest")
@@ -579,7 +579,7 @@ func TestCheckDetectsManifestCorruption(t *testing.T) {
 		}
 		corrupted[offset] = newByte
 
-		require.NoError(t, afero.WriteFile(fs, "/manifest.mf", corrupted, 0644))
+		require.NoError(t, afero.WriteFile(fs, "/manifest.mf", corrupted, 0o644))
 
 		// Check should fail with corrupted manifest
 		opts = testOpts([]string{"mfer", "check", "-q", "--base", "/testdir", "/manifest.mf"}, fs)
@@ -588,6 +588,6 @@ func TestCheckDetectsManifestCorruption(t *testing.T) {
 			i, offset, originalByte, newByte)
 
 		// Restore valid manifest for next iteration
-		require.NoError(t, afero.WriteFile(fs, "/manifest.mf", validManifest, 0644))
+		require.NoError(t, afero.WriteFile(fs, "/manifest.mf", validManifest, 0o644))
 	}
 }

internal/cli/fetch.go

@@ -257,7 +257,7 @@ func downloadFile(fileURL, localPath string, entry *mfer.MFFilePath, progress ch
 	// Create parent directories if needed
 	dir := filepath.Dir(localPath)
 	if dir != "" && dir != "." {
-		if err := os.MkdirAll(dir, 0755); err != nil {
+		if err := os.MkdirAll(dir, 0o755); err != nil {
 			return err
 		}
 	}

internal/cli/fetch_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"sneak.berlin/go/mfer/internal/scanner"
 	"sneak.berlin/go/mfer/mfer"
 )
 
@@ -107,15 +106,15 @@ func TestFetchFromHTTP(t *testing.T) {
 	for path, content := range testFiles {
 		fullPath := "/" + path // MemMapFs needs absolute paths
 		dir := filepath.Dir(fullPath)
-		require.NoError(t, sourceFs.MkdirAll(dir, 0755))
-		require.NoError(t, afero.WriteFile(sourceFs, fullPath, content, 0644))
+		require.NoError(t, sourceFs.MkdirAll(dir, 0o755))
+		require.NoError(t, afero.WriteFile(sourceFs, fullPath, content, 0o644))
 	}
 
 	// Generate manifest using scanner
-	opts := &scanner.Options{
+	opts := &mfer.ScannerOptions{
 		Fs: sourceFs,
 	}
-	s := scanner.NewWithOptions(opts)
+	s := mfer.NewScannerWithOptions(opts)
 	require.NoError(t, s.EnumerateFS(sourceFs, "/", nil))
 
 	var manifestBuf bytes.Buffer
@@ -197,11 +196,11 @@ func TestFetchHashMismatch(t *testing.T) {
 	// Create source filesystem with a test file
 	sourceFs := afero.NewMemMapFs()
 	originalContent := []byte("Original content")
-	require.NoError(t, afero.WriteFile(sourceFs, "/file.txt", originalContent, 0644))
+	require.NoError(t, afero.WriteFile(sourceFs, "/file.txt", originalContent, 0o644))
 
 	// Generate manifest
-	opts := &scanner.Options{Fs: sourceFs}
-	s := scanner.NewWithOptions(opts)
+	opts := &mfer.ScannerOptions{Fs: sourceFs}
+	s := mfer.NewScannerWithOptions(opts)
 	require.NoError(t, s.EnumerateFS(sourceFs, "/", nil))
 
 	var manifestBuf bytes.Buffer
@@ -249,11 +248,11 @@ func TestFetchSizeMismatch(t *testing.T) {
 	// Create source filesystem with a test file
 	sourceFs := afero.NewMemMapFs()
 	originalContent := []byte("Original content with specific size")
-	require.NoError(t, afero.WriteFile(sourceFs, "/file.txt", originalContent, 0644))
+	require.NoError(t, afero.WriteFile(sourceFs, "/file.txt", originalContent, 0o644))
 
 	// Generate manifest
-	opts := &scanner.Options{Fs: sourceFs}
-	s := scanner.NewWithOptions(opts)
+	opts := &mfer.ScannerOptions{Fs: sourceFs}
+	s := mfer.NewScannerWithOptions(opts)
 	require.NoError(t, s.EnumerateFS(sourceFs, "/", nil))
 
 	var manifestBuf bytes.Buffer
@@ -298,11 +297,11 @@ func TestFetchProgress(t *testing.T) {
 	sourceFs := afero.NewMemMapFs()
 	// Create content large enough to trigger multiple progress updates
 	content := bytes.Repeat([]byte("x"), 100*1024) // 100KB
-	require.NoError(t, afero.WriteFile(sourceFs, "/large.txt", content, 0644))
+	require.NoError(t, afero.WriteFile(sourceFs, "/large.txt", content, 0o644))
 
 	// Generate manifest
-	opts := &scanner.Options{Fs: sourceFs}
-	s := scanner.NewWithOptions(opts)
+	opts := &mfer.ScannerOptions{Fs: sourceFs}
+	s := mfer.NewScannerWithOptions(opts)
 	require.NoError(t, s.EnumerateFS(sourceFs, "/", nil))
 
 	var manifestBuf bytes.Buffer

internal/cli/freshen.go

@@ -227,6 +227,14 @@ func (mfa *CLIApp) freshenManifestOperation(ctx *cli.Context) error {
 
 	builder := mfer.NewBuilder()
 
+	// Set up signing options if sign-key is provided
+	if signKey := ctx.String("sign-key"); signKey != "" {
+		builder.SetSigningOptions(&mfer.SigningOptions{
+			KeyID: mfer.GPGKeyID(signKey),
+		})
+		log.Infof("signing manifest with GPG key: %s", signKey)
+	}
+
 	for _, e := range entries {
 		select {
 		case <-ctx.Done():

internal/cli/freshen_test.go

@@ -8,7 +8,6 @@ import (
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"sneak.berlin/go/mfer/internal/scanner"
 	"sneak.berlin/go/mfer/mfer"
 )
 
@@ -16,20 +15,20 @@ func TestFreshenUnchanged(t *testing.T) {
 	// Create filesystem with test files
 	fs := afero.NewMemMapFs()
 
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content1"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content2"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content1"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content2"), 0o644))
 
 	// Generate initial manifest
-	opts := &scanner.Options{Fs: fs}
-	s := scanner.NewWithOptions(opts)
+	opts := &mfer.ScannerOptions{Fs: fs}
+	s := mfer.NewScannerWithOptions(opts)
 	require.NoError(t, s.EnumeratePath("/testdir", nil))
 
 	var manifestBuf bytes.Buffer
 	require.NoError(t, s.ToManifest(context.Background(), &manifestBuf, nil))
 
 	// Write manifest to filesystem
-	require.NoError(t, afero.WriteFile(fs, "/testdir/.index.mf", manifestBuf.Bytes(), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/.index.mf", manifestBuf.Bytes(), 0o644))
 
 	// Parse manifest to verify
 	manifest, err := mfer.NewManifestFromFile(fs, "/testdir/.index.mf")
@@ -41,20 +40,20 @@ func TestFreshenWithChanges(t *testing.T) {
 	// Create filesystem with test files
 	fs := afero.NewMemMapFs()
 
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content1"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content2"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content1"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content2"), 0o644))
 
 	// Generate initial manifest
-	opts := &scanner.Options{Fs: fs}
-	s := scanner.NewWithOptions(opts)
+	opts := &mfer.ScannerOptions{Fs: fs}
+	s := mfer.NewScannerWithOptions(opts)
 	require.NoError(t, s.EnumeratePath("/testdir", nil))
 
 	var manifestBuf bytes.Buffer
 	require.NoError(t, s.ToManifest(context.Background(), &manifestBuf, nil))
 
 	// Write manifest to filesystem
-	require.NoError(t, afero.WriteFile(fs, "/testdir/.index.mf", manifestBuf.Bytes(), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/.index.mf", manifestBuf.Bytes(), 0o644))
 
 	// Verify initial manifest has 2 files
 	manifest, err := mfer.NewManifestFromFile(fs, "/testdir/.index.mf")
@@ -62,10 +61,10 @@ func TestFreshenWithChanges(t *testing.T) {
 	assert.Len(t, manifest.Files(), 2)
 
 	// Add a new file
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file3.txt", []byte("content3"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file3.txt", []byte("content3"), 0o644))
 
 	// Modify file2 (change content and size)
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("modified content2"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("modified content2"), 0o644))
 
 	// Remove file1
 	require.NoError(t, fs.Remove("/testdir/file1.txt"))

internal/cli/gen.go

@@ -25,6 +25,14 @@ func (mfa *CLIApp) generateManifestOperation(ctx *cli.Context) error {
 		Fs:              mfa.Fs,
 	}
 
+	// Set up signing options if sign-key is provided
+	if signKey := ctx.String("sign-key"); signKey != "" {
+		opts.SigningOptions = &mfer.SigningOptions{
+			KeyID: mfer.GPGKeyID(signKey),
+		}
+		log.Infof("signing manifest with GPG key: %s", signKey)
+	}
+
 	s := mfer.NewScannerWithOptions(opts)
 
 	// Phase 1: Enumeration - collect paths and stat files

internal/cli/mfer.go

@@ -148,6 +148,12 @@ func (mfa *CLIApp) run(args []string) {
 						Aliases: []string{"P"},
 						Usage:   "Show progress during enumeration and scanning",
 					},
+					&cli.StringFlag{
+						Name:    "sign-key",
+						Aliases: []string{"s"},
+						Usage:   "GPG key ID to sign the manifest with",
+						EnvVars: []string{"MFER_SIGN_KEY"},
+					},
 				),
 			},
 			{
@@ -175,6 +181,12 @@ func (mfa *CLIApp) run(args []string) {
 						Name:  "no-extra-files",
 						Usage: "Fail if files exist in base directory that are not in manifest",
 					},
+					&cli.StringFlag{
+						Name:    "require-signature",
+						Aliases: []string{"S"},
+						Usage:   "Require manifest to be signed by the specified GPG key ID",
+						EnvVars: []string{"MFER_REQUIRE_SIGNATURE"},
+					},
 				),
 			},
 			{
@@ -208,6 +220,12 @@ func (mfa *CLIApp) run(args []string) {
 						Aliases: []string{"P"},
 						Usage:   "Show progress during scanning and hashing",
 					},
+					&cli.StringFlag{
+						Name:    "sign-key",
+						Aliases: []string{"s"},
+						Usage:   "GPG key ID to sign the manifest with",
+						EnvVars: []string{"MFER_SIGN_KEY"},
+					},
 				),
 			},
 			{

internal/scanner/scanner.go

@@ -0,0 +1,373 @@
+package scanner
+
+import (
+	"context"
+	"io"
+	"io/fs"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/spf13/afero"
+	"sneak.berlin/go/mfer/mfer"
+)
+
+// Phase 1: Enumeration
+// ---------------------
+// Walking directories and calling stat() on files to collect metadata.
+// Builds the list of files to be scanned. Relatively fast (metadata only).
+
+// EnumerateStatus contains progress information for the enumeration phase.
+type EnumerateStatus struct {
+	FilesFound int64 // Number of files discovered so far
+	BytesFound int64 // Total size of discovered files (from stat)
+}
+
+// Phase 2: Scan (ToManifest)
+// --------------------------
+// Reading file contents and computing hashes for manifest generation.
+// This is the expensive phase that reads all file data.
+
+// ScanStatus contains progress information for the scan phase.
+type ScanStatus struct {
+	TotalFiles   int64   // Total number of files to scan
+	ScannedFiles int64   // Number of files scanned so far
+	TotalBytes   int64   // Total bytes to read (sum of all file sizes)
+	ScannedBytes int64   // Bytes read so far
+	BytesPerSec  float64 // Current throughput rate
+}
+
+// Options configures scanner behavior.
+type Options struct {
+	IgnoreDotfiles bool     // Skip files and directories starting with a dot
+	FollowSymLinks bool     // Resolve symlinks instead of skipping them
+	Fs             afero.Fs // Filesystem to use, defaults to OsFs if nil
+}
+
+// FileEntry represents a file that has been enumerated.
+type FileEntry struct {
+	Path    string    // Relative path (used in manifest)
+	AbsPath string    // Absolute path (used for reading file content)
+	Size    int64     // File size in bytes
+	Mtime   time.Time // Last modification time
+	Ctime   time.Time // Creation time (platform-dependent)
+}
+
+// Scanner accumulates files and generates manifests from them.
+type Scanner struct {
+	mu      sync.RWMutex
+	files   []*FileEntry
+	options *Options
+	fs      afero.Fs
+}
+
+// New creates a new Scanner with default options.
+func New() *Scanner {
+	return NewWithOptions(nil)
+}
+
+// NewWithOptions creates a new Scanner with the given options.
+func NewWithOptions(opts *Options) *Scanner {
+	if opts == nil {
+		opts = &Options{}
+	}
+	fs := opts.Fs
+	if fs == nil {
+		fs = afero.NewOsFs()
+	}
+	return &Scanner{
+		files:   make([]*FileEntry, 0),
+		options: opts,
+		fs:      fs,
+	}
+}
+
+// EnumerateFile adds a single file to the scanner, calling stat() to get metadata.
+func (s *Scanner) EnumerateFile(filePath string) error {
+	abs, err := filepath.Abs(filePath)
+	if err != nil {
+		return err
+	}
+	info, err := s.fs.Stat(abs)
+	if err != nil {
+		return err
+	}
+	// For single files, use the filename as the relative path
+	basePath := filepath.Dir(abs)
+	return s.enumerateFileWithInfo(filepath.Base(abs), basePath, info, nil)
+}
+
+// EnumeratePath walks a directory path and adds all files to the scanner.
+// If progress is non-nil, status updates are sent as files are discovered.
+// The progress channel is closed when the method returns.
+func (s *Scanner) EnumeratePath(inputPath string, progress chan<- EnumerateStatus) error {
+	if progress != nil {
+		defer close(progress)
+	}
+	abs, err := filepath.Abs(inputPath)
+	if err != nil {
+		return err
+	}
+	afs := afero.NewReadOnlyFs(afero.NewBasePathFs(s.fs, abs))
+	return s.enumerateFS(afs, abs, progress)
+}
+
+// EnumeratePaths walks multiple directory paths and adds all files to the scanner.
+// If progress is non-nil, status updates are sent as files are discovered.
+// The progress channel is closed when the method returns.
+func (s *Scanner) EnumeratePaths(progress chan<- EnumerateStatus, inputPaths ...string) error {
+	if progress != nil {
+		defer close(progress)
+	}
+	for _, p := range inputPaths {
+		abs, err := filepath.Abs(p)
+		if err != nil {
+			return err
+		}
+		afs := afero.NewReadOnlyFs(afero.NewBasePathFs(s.fs, abs))
+		if err := s.enumerateFS(afs, abs, progress); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// EnumerateFS walks an afero filesystem and adds all files to the scanner.
+// If progress is non-nil, status updates are sent as files are discovered.
+// The progress channel is closed when the method returns.
+// basePath is used to compute absolute paths for file reading.
+func (s *Scanner) EnumerateFS(afs afero.Fs, basePath string, progress chan<- EnumerateStatus) error {
+	if progress != nil {
+		defer close(progress)
+	}
+	return s.enumerateFS(afs, basePath, progress)
+}
+
+// enumerateFS is the internal implementation that doesn't close the progress channel.
+func (s *Scanner) enumerateFS(afs afero.Fs, basePath string, progress chan<- EnumerateStatus) error {
+	return afero.Walk(afs, "/", func(p string, info fs.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if s.options.IgnoreDotfiles && pathIsHidden(p) {
+			if info.IsDir() {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+		return s.enumerateFileWithInfo(p, basePath, info, progress)
+	})
+}
+
+// enumerateFileWithInfo adds a file with pre-existing fs.FileInfo.
+func (s *Scanner) enumerateFileWithInfo(filePath string, basePath string, info fs.FileInfo, progress chan<- EnumerateStatus) error {
+	if info.IsDir() {
+		// Manifests contain only files, directories are implied
+		return nil
+	}
+
+	// Clean the path - remove leading slash if present
+	cleanPath := filePath
+	if len(cleanPath) > 0 && cleanPath[0] == '/' {
+		cleanPath = cleanPath[1:]
+	}
+
+	// Compute absolute path for file reading
+	absPath := filepath.Join(basePath, cleanPath)
+
+	entry := &FileEntry{
+		Path:    cleanPath,
+		AbsPath: absPath,
+		Size:    info.Size(),
+		Mtime:   info.ModTime(),
+		// Note: Ctime not available from fs.FileInfo on all platforms
+		// Will need platform-specific code to extract it
+	}
+
+	s.mu.Lock()
+	s.files = append(s.files, entry)
+	filesFound := int64(len(s.files))
+	var bytesFound int64
+	for _, f := range s.files {
+		bytesFound += f.Size
+	}
+	s.mu.Unlock()
+
+	sendEnumerateStatus(progress, EnumerateStatus{
+		FilesFound: filesFound,
+		BytesFound: bytesFound,
+	})
+
+	return nil
+}
+
+// Files returns a copy of all files added to the scanner.
+func (s *Scanner) Files() []*FileEntry {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	out := make([]*FileEntry, len(s.files))
+	copy(out, s.files)
+	return out
+}
+
+// FileCount returns the number of files in the scanner.
+func (s *Scanner) FileCount() int64 {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return int64(len(s.files))
+}
+
+// TotalBytes returns the total size of all files in the scanner.
+func (s *Scanner) TotalBytes() int64 {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	var total int64
+	for _, f := range s.files {
+		total += f.Size
+	}
+	return total
+}
+
+// ToManifest reads all file contents, computes hashes, and generates a manifest.
+// If progress is non-nil, status updates are sent approximately once per second.
+// The progress channel is closed when the method returns.
+// The manifest is written to the provided io.Writer.
+func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- ScanStatus) error {
+	if progress != nil {
+		defer close(progress)
+	}
+
+	s.mu.RLock()
+	files := make([]*FileEntry, len(s.files))
+	copy(files, s.files)
+	totalFiles := int64(len(files))
+	var totalBytes int64
+	for _, f := range files {
+		totalBytes += f.Size
+	}
+	s.mu.RUnlock()
+
+	builder := mfer.NewBuilder()
+
+	var scannedFiles int64
+	var scannedBytes int64
+	lastProgressTime := time.Now()
+	startTime := time.Now()
+
+	for _, entry := range files {
+		// Check for cancellation
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		// Open file
+		f, err := s.fs.Open(entry.AbsPath)
+		if err != nil {
+			return err
+		}
+
+		// Add to manifest with progress callback
+		bytesRead, err := builder.AddFile(
+			entry.Path,
+			entry.Size,
+			entry.Mtime,
+			f,
+			func(fileBytes int64) {
+				// Send progress at most once per second
+				now := time.Now()
+				if progress != nil && now.Sub(lastProgressTime) >= time.Second {
+					elapsed := now.Sub(startTime).Seconds()
+					currentBytes := scannedBytes + fileBytes
+					var rate float64
+					if elapsed > 0 {
+						rate = float64(currentBytes) / elapsed
+					}
+					sendScanStatus(progress, ScanStatus{
+						TotalFiles:   totalFiles,
+						ScannedFiles: scannedFiles,
+						TotalBytes:   totalBytes,
+						ScannedBytes: currentBytes,
+						BytesPerSec:  rate,
+					})
+					lastProgressTime = now
+				}
+			},
+		)
+		f.Close()
+
+		if err != nil {
+			return err
+		}
+
+		scannedFiles++
+		scannedBytes += bytesRead
+	}
+
+	// Send final progress
+	if progress != nil {
+		elapsed := time.Since(startTime).Seconds()
+		var rate float64
+		if elapsed > 0 {
+			rate = float64(scannedBytes) / elapsed
+		}
+		sendScanStatus(progress, ScanStatus{
+			TotalFiles:   totalFiles,
+			ScannedFiles: scannedFiles,
+			TotalBytes:   totalBytes,
+			ScannedBytes: scannedBytes,
+			BytesPerSec:  rate,
+		})
+	}
+
+	// Build and write manifest
+	return builder.Build(w)
+}
+
+// pathIsHidden returns true if the path or any of its parent directories
+// start with a dot (hidden files/directories).
+func pathIsHidden(p string) bool {
+	tp := path.Clean(p)
+	if strings.HasPrefix(tp, ".") {
+		return true
+	}
+	for {
+		d, f := path.Split(tp)
+		if strings.HasPrefix(f, ".") {
+			return true
+		}
+		if d == "" {
+			return false
+		}
+		tp = d[0 : len(d)-1] // trim trailing slash from dir
+	}
+}
+
+// sendEnumerateStatus sends a status update without blocking.
+// If the channel is full, the update is dropped.
+func sendEnumerateStatus(ch chan<- EnumerateStatus, status EnumerateStatus) {
+	if ch == nil {
+		return
+	}
+	select {
+	case ch <- status:
+	default:
+		// Channel full, drop this update
+	}
+}
+
+// sendScanStatus sends a status update without blocking.
+// If the channel is full, the update is dropped.
+func sendScanStatus(ch chan<- ScanStatus, status ScanStatus) {
+	if ch == nil {
+		return
+	}
+	select {
+	case ch <- status:
+	default:
+		// Channel full, drop this update
+	}
+}

mfer/builder.go

@@ -3,6 +3,7 @@ package mfer
 import (
 	"crypto/sha256"
 	"errors"
+	"fmt"
 	"io"
 	"sync"
 	"time"
@@ -53,6 +54,7 @@ type Builder struct {
 	mu             sync.Mutex
 	files          []*MFFilePath
 	createdAt      time.Time
+	signingOptions *SigningOptions
 }
 
 // NewBuilder creates a new Builder.
@@ -95,6 +97,11 @@ func (b *Builder) AddFile(
 		}
 	}
 
+	// Verify actual bytes read matches declared size
+	if totalRead != size {
+		return totalRead, fmt.Errorf("size mismatch for %q: declared %d bytes but read %d bytes", path, size, totalRead)
+	}
+
 	// Encode hash as multihash (SHA2-256)
 	mh, err := multihash.Encode(h.Sum(nil), multihash.SHA2_256)
 	if err != nil {
@@ -165,6 +172,14 @@ func (b *Builder) AddFileWithHash(path RelFilePath, size FileSize, mtime ModTime
 	return nil
 }
 
+// SetSigningOptions sets the GPG signing options for the manifest.
+// If opts is non-nil, the manifest will be signed when Build() is called.
+func (b *Builder) SetSigningOptions(opts *SigningOptions) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	b.signingOptions = opts
+}
+
 // Build finalizes the manifest and writes it to the writer.
 func (b *Builder) Build(w io.Writer) error {
 	b.mu.Lock()
@@ -180,6 +195,7 @@ func (b *Builder) Build(w io.Writer) error {
 	// Create a temporary manifest to use existing serialization
 	m := &manifest{
 		pbInner:        inner,
+		signingOptions: b.signingOptions,
 	}
 
 	// Generate outer wrapper

mfer/checker.go

@@ -70,6 +70,10 @@ type Checker struct {
 	fs       afero.Fs
 	// manifestPaths is a set of paths in the manifest for quick lookup
 	manifestPaths map[RelFilePath]struct{}
+	// signature info from the manifest
+	signature     []byte
+	signer        []byte
+	signingPubKey []byte
 }
 
 // NewChecker creates a new Checker for the given manifest, base path, and filesystem.
@@ -101,6 +105,9 @@ func NewChecker(manifestPath string, basePath string, fs afero.Fs) (*Checker, er
 		files:         files,
 		fs:            fs,
 		manifestPaths: manifestPaths,
+		signature:     m.pbOuter.Signature,
+		signer:        m.pbOuter.Signer,
+		signingPubKey: m.pbOuter.SigningPubKey,
 	}, nil
 }
 
@@ -118,6 +125,31 @@ func (c *Checker) TotalBytes() FileSize {
 	return total
 }
 
+// IsSigned returns true if the manifest has a signature.
+func (c *Checker) IsSigned() bool {
+	return len(c.signature) > 0
+}
+
+// Signer returns the signer fingerprint if the manifest is signed, nil otherwise.
+func (c *Checker) Signer() []byte {
+	return c.signer
+}
+
+// SigningPubKey returns the signing public key if the manifest is signed, nil otherwise.
+func (c *Checker) SigningPubKey() []byte {
+	return c.signingPubKey
+}
+
+// ExtractEmbeddedSigningKeyFP imports the manifest's embedded public key into a
+// temporary keyring and extracts its fingerprint. This validates the key and
+// returns its actual fingerprint from the key material itself.
+func (c *Checker) ExtractEmbeddedSigningKeyFP() (string, error) {
+	if len(c.signingPubKey) == 0 {
+		return "", errors.New("manifest has no signing public key")
+	}
+	return gpgExtractPubKeyFingerprint(c.signingPubKey)
+}
+
 // Check verifies all files against the manifest.
 // Results are sent to the results channel as files are checked.
 // Progress updates are sent to the progress channel approximately once per second.

mfer/deserialize.go

@@ -2,9 +2,12 @@ package mfer
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"errors"
+	"fmt"
 	"io"
 
+	"github.com/google/uuid"
 	"github.com/klauspost/compress/zstd"
 	"github.com/spf13/afero"
 	"google.golang.org/protobuf/proto"
@@ -12,6 +15,19 @@ import (
 	"sneak.berlin/go/mfer/internal/log"
 )
 
+// validateUUID checks that the byte slice is a valid UUID (16 bytes, parseable).
+func validateUUID(data []byte) error {
+	if len(data) != 16 {
+		return errors.New("invalid UUID length")
+	}
+	// Try to parse as UUID to validate format
+	_, err := uuid.FromBytes(data)
+	if err != nil {
+		return errors.New("invalid UUID format")
+	}
+	return nil
+}
+
 func (m *manifest) deserializeInner() error {
 	if m.pbOuter.Version != MFFileOuter_VERSION_ONE {
 		return errors.New("unknown version")
@@ -20,6 +36,38 @@ func (m *manifest) deserializeInner() error {
 		return errors.New("unknown compression type")
 	}
 
+	// Validate outer UUID before any decompression
+	if err := validateUUID(m.pbOuter.Uuid); err != nil {
+		return errors.New("outer UUID invalid: " + err.Error())
+	}
+
+	// Verify hash of compressed data before decompression
+	h := sha256.New()
+	if _, err := h.Write(m.pbOuter.InnerMessage); err != nil {
+		return err
+	}
+	sha256Hash := h.Sum(nil)
+	if !bytes.Equal(sha256Hash, m.pbOuter.Sha256) {
+		return errors.New("compressed data hash mismatch")
+	}
+
+	// Verify signature if present
+	if len(m.pbOuter.Signature) > 0 {
+		if len(m.pbOuter.SigningPubKey) == 0 {
+			return errors.New("signature present but no public key")
+		}
+
+		sigString, err := m.signatureString()
+		if err != nil {
+			return fmt.Errorf("failed to generate signature string for verification: %w", err)
+		}
+
+		if err := gpgVerify([]byte(sigString), m.pbOuter.Signature, m.pbOuter.SigningPubKey); err != nil {
+			return fmt.Errorf("signature verification failed: %w", err)
+		}
+		log.Infof("signature verified successfully")
+	}
+
 	bb := bytes.NewBuffer(m.pbOuter.InnerMessage)
 
 	zr, err := zstd.NewReader(bb)
@@ -45,6 +93,16 @@ func (m *manifest) deserializeInner() error {
 		return err
 	}
 
+	// Validate inner UUID
+	if err := validateUUID(m.pbInner.Uuid); err != nil {
+		return errors.New("inner UUID invalid: " + err.Error())
+	}
+
+	// Verify UUIDs match
+	if !bytes.Equal(m.pbOuter.Uuid, m.pbInner.Uuid) {
+		return errors.New("outer and inner UUID mismatch")
+	}
+
 	log.Infof("loaded manifest with %d files", len(m.pbInner.Files))
 	return nil
 }

mfer/gpg.go

@@ -0,0 +1,212 @@
+package mfer
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+// GPGKeyID represents a GPG key identifier (fingerprint or key ID).
+type GPGKeyID string
+
+// SigningOptions contains options for GPG signing.
+type SigningOptions struct {
+	KeyID GPGKeyID
+}
+
+// gpgSign creates a detached signature of the data using the specified key.
+// Returns the armored detached signature.
+func gpgSign(data []byte, keyID GPGKeyID) ([]byte, error) {
+	cmd := exec.Command("gpg",
+		"--detach-sign",
+		"--armor",
+		"--local-user", string(keyID),
+	)
+
+	cmd.Stdin = bytes.NewReader(data)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	if err := cmd.Run(); err != nil {
+		return nil, fmt.Errorf("gpg sign failed: %w: %s", err, stderr.String())
+	}
+
+	return stdout.Bytes(), nil
+}
+
+// gpgExportPublicKey exports the public key for the specified key ID.
+// Returns the armored public key.
+func gpgExportPublicKey(keyID GPGKeyID) ([]byte, error) {
+	cmd := exec.Command("gpg",
+		"--export",
+		"--armor",
+		string(keyID),
+	)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	if err := cmd.Run(); err != nil {
+		return nil, fmt.Errorf("gpg export failed: %w: %s", err, stderr.String())
+	}
+
+	if stdout.Len() == 0 {
+		return nil, fmt.Errorf("gpg key not found: %s", keyID)
+	}
+
+	return stdout.Bytes(), nil
+}
+
+// gpgGetKeyFingerprint gets the full fingerprint for a key ID.
+func gpgGetKeyFingerprint(keyID GPGKeyID) ([]byte, error) {
+	cmd := exec.Command("gpg",
+		"--with-colons",
+		"--fingerprint",
+		string(keyID),
+	)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	if err := cmd.Run(); err != nil {
+		return nil, fmt.Errorf("gpg fingerprint lookup failed: %w: %s", err, stderr.String())
+	}
+
+	// Parse the colon-delimited output to find the fingerprint
+	lines := strings.Split(stdout.String(), "\n")
+	for _, line := range lines {
+		fields := strings.Split(line, ":")
+		if len(fields) >= 10 && fields[0] == "fpr" {
+			return []byte(fields[9]), nil
+		}
+	}
+
+	return nil, fmt.Errorf("fingerprint not found for key: %s", keyID)
+}
+
+// gpgExtractPubKeyFingerprint imports a public key into a temporary keyring
+// and extracts its fingerprint. This verifies the key is valid and returns
+// the actual fingerprint from the key material.
+func gpgExtractPubKeyFingerprint(pubKey []byte) (string, error) {
+	// Create temporary directory for GPG operations
+	tmpDir, err := os.MkdirTemp("", "mfer-gpg-fingerprint-*")
+	if err != nil {
+		return "", fmt.Errorf("failed to create temp dir: %w", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	// Set restrictive permissions
+	if err := os.Chmod(tmpDir, 0o700); err != nil {
+		return "", fmt.Errorf("failed to set temp dir permissions: %w", err)
+	}
+
+	// Write public key to temp file
+	pubKeyFile := filepath.Join(tmpDir, "pubkey.asc")
+	if err := os.WriteFile(pubKeyFile, pubKey, 0o600); err != nil {
+		return "", fmt.Errorf("failed to write public key: %w", err)
+	}
+
+	// Import the public key into the temporary keyring
+	importCmd := exec.Command("gpg",
+		"--homedir", tmpDir,
+		"--import",
+		pubKeyFile,
+	)
+	var importStderr bytes.Buffer
+	importCmd.Stderr = &importStderr
+	if err := importCmd.Run(); err != nil {
+		return "", fmt.Errorf("failed to import public key: %w: %s", err, importStderr.String())
+	}
+
+	// List keys to get fingerprint
+	listCmd := exec.Command("gpg",
+		"--homedir", tmpDir,
+		"--with-colons",
+		"--fingerprint",
+	)
+	var listStdout, listStderr bytes.Buffer
+	listCmd.Stdout = &listStdout
+	listCmd.Stderr = &listStderr
+	if err := listCmd.Run(); err != nil {
+		return "", fmt.Errorf("failed to list keys: %w: %s", err, listStderr.String())
+	}
+
+	// Parse the colon-delimited output to find the fingerprint
+	lines := strings.Split(listStdout.String(), "\n")
+	for _, line := range lines {
+		fields := strings.Split(line, ":")
+		if len(fields) >= 10 && fields[0] == "fpr" {
+			return fields[9], nil
+		}
+	}
+
+	return "", fmt.Errorf("fingerprint not found in imported key")
+}
+
+// gpgVerify verifies a detached signature against data using the provided public key.
+// It creates a temporary keyring to import the public key for verification.
+func gpgVerify(data, signature, pubKey []byte) error {
+	// Create temporary directory for GPG operations
+	tmpDir, err := os.MkdirTemp("", "mfer-gpg-verify-*")
+	if err != nil {
+		return fmt.Errorf("failed to create temp dir: %w", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	// Set restrictive permissions
+	if err := os.Chmod(tmpDir, 0o700); err != nil {
+		return fmt.Errorf("failed to set temp dir permissions: %w", err)
+	}
+
+	// Write public key to temp file
+	pubKeyFile := filepath.Join(tmpDir, "pubkey.asc")
+	if err := os.WriteFile(pubKeyFile, pubKey, 0o600); err != nil {
+		return fmt.Errorf("failed to write public key: %w", err)
+	}
+
+	// Write signature to temp file
+	sigFile := filepath.Join(tmpDir, "signature.asc")
+	if err := os.WriteFile(sigFile, signature, 0o600); err != nil {
+		return fmt.Errorf("failed to write signature: %w", err)
+	}
+
+	// Write data to temp file
+	dataFile := filepath.Join(tmpDir, "data")
+	if err := os.WriteFile(dataFile, data, 0o600); err != nil {
+		return fmt.Errorf("failed to write data: %w", err)
+	}
+
+	// Import the public key into the temporary keyring
+	importCmd := exec.Command("gpg",
+		"--homedir", tmpDir,
+		"--import",
+		pubKeyFile,
+	)
+	var importStderr bytes.Buffer
+	importCmd.Stderr = &importStderr
+	if err := importCmd.Run(); err != nil {
+		return fmt.Errorf("failed to import public key: %w: %s", err, importStderr.String())
+	}
+
+	// Verify the signature
+	verifyCmd := exec.Command("gpg",
+		"--homedir", tmpDir,
+		"--verify",
+		sigFile,
+		dataFile,
+	)
+	var verifyStderr bytes.Buffer
+	verifyCmd.Stderr = &verifyStderr
+	if err := verifyCmd.Run(); err != nil {
+		return fmt.Errorf("signature verification failed: %w: %s", err, verifyStderr.String())
+	}
+
+	return nil
+}

mfer/gpg_test.go

@@ -0,0 +1,347 @@
+package mfer
+
+import (
+	"bytes"
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/spf13/afero"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// testGPGEnv sets up a temporary GPG home directory with a test key.
+// Returns the key ID and a cleanup function.
+func testGPGEnv(t *testing.T) (GPGKeyID, func()) {
+	t.Helper()
+
+	// Check if gpg is installed
+	if _, err := exec.LookPath("gpg"); err != nil {
+		t.Skip("gpg not installed, skipping signing test")
+		return "", func() {}
+	}
+
+	// Create temporary GPG home directory
+	gpgHome, err := os.MkdirTemp("", "mfer-gpg-test-*")
+	require.NoError(t, err)
+
+	// Set restrictive permissions on GPG home
+	require.NoError(t, os.Chmod(gpgHome, 0o700))
+
+	// Save original GNUPGHOME and set new one
+	origGPGHome := os.Getenv("GNUPGHOME")
+	os.Setenv("GNUPGHOME", gpgHome)
+
+	cleanup := func() {
+		if origGPGHome == "" {
+			os.Unsetenv("GNUPGHOME")
+		} else {
+			os.Setenv("GNUPGHOME", origGPGHome)
+		}
+		os.RemoveAll(gpgHome)
+	}
+
+	// Generate a test key with no passphrase
+	keyParams := `%no-protection
+Key-Type: RSA
+Key-Length: 2048
+Name-Real: MFER Test Key
+Name-Email: test@mfer.test
+Expire-Date: 0
+%commit
+`
+	paramsFile := filepath.Join(gpgHome, "key-params")
+	require.NoError(t, os.WriteFile(paramsFile, []byte(keyParams), 0o600))
+
+	cmd := exec.Command("gpg", "--batch", "--gen-key", paramsFile)
+	cmd.Env = append(os.Environ(), "GNUPGHOME="+gpgHome)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		cleanup()
+		t.Skipf("failed to generate test GPG key: %v: %s", err, output)
+		return "", func() {}
+	}
+
+	// Get the key fingerprint
+	cmd = exec.Command("gpg", "--list-keys", "--with-colons", "test@mfer.test")
+	cmd.Env = append(os.Environ(), "GNUPGHOME="+gpgHome)
+	output, err = cmd.Output()
+	if err != nil {
+		cleanup()
+		t.Fatalf("failed to list test key: %v", err)
+	}
+
+	// Parse fingerprint from output
+	var keyID string
+	for _, line := range strings.Split(string(output), "\n") {
+		fields := strings.Split(line, ":")
+		if len(fields) >= 10 && fields[0] == "fpr" {
+			keyID = fields[9]
+			break
+		}
+	}
+
+	if keyID == "" {
+		cleanup()
+		t.Fatal("failed to find test key fingerprint")
+	}
+
+	return GPGKeyID(keyID), cleanup
+}
+
+func TestGPGSign(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	data := []byte("test data to sign")
+	sig, err := gpgSign(data, keyID)
+	require.NoError(t, err)
+	assert.NotEmpty(t, sig)
+	assert.Contains(t, string(sig), "-----BEGIN PGP SIGNATURE-----")
+	assert.Contains(t, string(sig), "-----END PGP SIGNATURE-----")
+}
+
+func TestGPGExportPublicKey(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	pubKey, err := gpgExportPublicKey(keyID)
+	require.NoError(t, err)
+	assert.NotEmpty(t, pubKey)
+	assert.Contains(t, string(pubKey), "-----BEGIN PGP PUBLIC KEY BLOCK-----")
+	assert.Contains(t, string(pubKey), "-----END PGP PUBLIC KEY BLOCK-----")
+}
+
+func TestGPGGetKeyFingerprint(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	fingerprint, err := gpgGetKeyFingerprint(keyID)
+	require.NoError(t, err)
+	assert.NotEmpty(t, fingerprint)
+	// The fingerprint should be 40 hex chars
+	assert.Len(t, fingerprint, 40, "fingerprint should be 40 hex chars")
+}
+
+func TestGPGSignInvalidKey(t *testing.T) {
+	// Set up test environment (we need GNUPGHOME set)
+	_, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	data := []byte("test data")
+	_, err := gpgSign(data, GPGKeyID("NONEXISTENT_KEY_ID_12345"))
+	assert.Error(t, err)
+}
+
+func TestBuilderWithSigning(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	// Create a builder with signing options
+	b := NewBuilder()
+	b.SetSigningOptions(&SigningOptions{
+		KeyID: keyID,
+	})
+
+	// Add a test file
+	content := []byte("test file content")
+	reader := bytes.NewReader(content)
+	_, err := b.AddFile("test.txt", FileSize(len(content)), ModTime{}, reader, nil)
+	require.NoError(t, err)
+
+	// Build the manifest
+	var buf bytes.Buffer
+	err = b.Build(&buf)
+	require.NoError(t, err)
+
+	// Parse the manifest and verify signature fields are populated
+	manifest, err := NewManifestFromReader(&buf)
+	require.NoError(t, err)
+	require.NotNil(t, manifest.pbOuter)
+
+	assert.NotEmpty(t, manifest.pbOuter.Signature, "signature should be populated")
+	assert.NotEmpty(t, manifest.pbOuter.Signer, "signer should be populated")
+	assert.NotEmpty(t, manifest.pbOuter.SigningPubKey, "signing public key should be populated")
+
+	// Verify signature is a valid PGP signature
+	assert.Contains(t, string(manifest.pbOuter.Signature), "-----BEGIN PGP SIGNATURE-----")
+
+	// Verify public key is a valid PGP public key block
+	assert.Contains(t, string(manifest.pbOuter.SigningPubKey), "-----BEGIN PGP PUBLIC KEY BLOCK-----")
+}
+
+func TestScannerWithSigning(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	// Create in-memory filesystem with test files
+	fs := afero.NewMemMapFs()
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content1"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content2"), 0o644))
+
+	// Create scanner with signing options
+	opts := &ScannerOptions{
+		Fs: fs,
+		SigningOptions: &SigningOptions{
+			KeyID: keyID,
+		},
+	}
+	s := NewScannerWithOptions(opts)
+
+	// Enumerate files
+	require.NoError(t, s.EnumeratePath("/testdir", nil))
+	assert.Equal(t, FileCount(2), s.FileCount())
+
+	// Generate signed manifest
+	var buf bytes.Buffer
+	require.NoError(t, s.ToManifest(context.Background(), &buf, nil))
+
+	// Parse and verify
+	manifest, err := NewManifestFromReader(&buf)
+	require.NoError(t, err)
+
+	assert.NotEmpty(t, manifest.pbOuter.Signature)
+	assert.NotEmpty(t, manifest.pbOuter.Signer)
+	assert.NotEmpty(t, manifest.pbOuter.SigningPubKey)
+}
+
+func TestGPGVerify(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	data := []byte("test data to sign and verify")
+	sig, err := gpgSign(data, keyID)
+	require.NoError(t, err)
+
+	pubKey, err := gpgExportPublicKey(keyID)
+	require.NoError(t, err)
+
+	// Verify the signature
+	err = gpgVerify(data, sig, pubKey)
+	require.NoError(t, err)
+}
+
+func TestGPGVerifyInvalidSignature(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	data := []byte("test data to sign")
+	sig, err := gpgSign(data, keyID)
+	require.NoError(t, err)
+
+	pubKey, err := gpgExportPublicKey(keyID)
+	require.NoError(t, err)
+
+	// Try to verify with different data - should fail
+	wrongData := []byte("different data")
+	err = gpgVerify(wrongData, sig, pubKey)
+	assert.Error(t, err)
+}
+
+func TestGPGVerifyBadPublicKey(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	data := []byte("test data")
+	sig, err := gpgSign(data, keyID)
+	require.NoError(t, err)
+
+	// Try to verify with invalid public key - should fail
+	badPubKey := []byte("not a valid public key")
+	err = gpgVerify(data, sig, badPubKey)
+	assert.Error(t, err)
+}
+
+func TestManifestSignatureVerification(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	// Create a builder with signing options
+	b := NewBuilder()
+	b.SetSigningOptions(&SigningOptions{
+		KeyID: keyID,
+	})
+
+	// Add a test file
+	content := []byte("test file content for verification")
+	reader := bytes.NewReader(content)
+	_, err := b.AddFile("test.txt", FileSize(len(content)), ModTime{}, reader, nil)
+	require.NoError(t, err)
+
+	// Build the manifest
+	var buf bytes.Buffer
+	err = b.Build(&buf)
+	require.NoError(t, err)
+
+	// Parse the manifest - signature should be verified during load
+	manifest, err := NewManifestFromReader(&buf)
+	require.NoError(t, err)
+	require.NotNil(t, manifest)
+
+	// Signature should be present and valid
+	assert.NotEmpty(t, manifest.pbOuter.Signature)
+}
+
+func TestManifestTamperedSignatureFails(t *testing.T) {
+	keyID, cleanup := testGPGEnv(t)
+	defer cleanup()
+
+	// Create a signed manifest
+	b := NewBuilder()
+	b.SetSigningOptions(&SigningOptions{
+		KeyID: keyID,
+	})
+
+	content := []byte("test file content")
+	reader := bytes.NewReader(content)
+	_, err := b.AddFile("test.txt", FileSize(len(content)), ModTime{}, reader, nil)
+	require.NoError(t, err)
+
+	var buf bytes.Buffer
+	err = b.Build(&buf)
+	require.NoError(t, err)
+
+	// Tamper with the signature by replacing some bytes
+	data := buf.Bytes()
+	// Find and modify a byte in the signature portion
+	for i := range data {
+		if i > 100 && data[i] == 'A' {
+			data[i] = 'B'
+			break
+		}
+	}
+
+	// Try to load the tampered manifest - should fail
+	_, err = NewManifestFromReader(bytes.NewReader(data))
+	assert.Error(t, err)
+}
+
+func TestBuilderWithoutSigning(t *testing.T) {
+	// Create a builder without signing options
+	b := NewBuilder()
+
+	// Add a test file
+	content := []byte("test file content")
+	reader := bytes.NewReader(content)
+	_, err := b.AddFile("test.txt", FileSize(len(content)), ModTime{}, reader, nil)
+	require.NoError(t, err)
+
+	// Build the manifest
+	var buf bytes.Buffer
+	err = b.Build(&buf)
+	require.NoError(t, err)
+
+	// Parse the manifest and verify signature fields are empty
+	manifest, err := NewManifestFromReader(&buf)
+	require.NoError(t, err)
+	require.NotNil(t, manifest.pbOuter)
+
+	assert.Empty(t, manifest.pbOuter.Signature, "signature should be empty when not signing")
+	assert.Empty(t, manifest.pbOuter.Signer, "signer should be empty when not signing")
+	assert.Empty(t, manifest.pbOuter.SigningPubKey, "signing public key should be empty when not signing")
+}

mfer/manifest.go

@@ -2,7 +2,11 @@ package mfer
 
 import (
 	"bytes"
+	"encoding/hex"
+	"errors"
 	"fmt"
+
+	"github.com/multiformats/go-multihash"
 )
 
 // manifest holds the internal representation of a manifest file.
@@ -12,6 +16,7 @@ type manifest struct {
 	pbInner        *MFFile
 	pbOuter        *MFFileOuter
 	output         *bytes.Buffer
+	signingOptions *SigningOptions
 }
 
 func (m *manifest) String() string {
@@ -29,3 +34,26 @@ func (m *manifest) Files() []*MFFilePath {
 	}
 	return m.pbInner.Files
 }
+
+// signatureString generates the canonical string used for signing/verification.
+// Format: MAGIC-UUID-MULTIHASH where UUID and multihash are hex-encoded.
+// Requires pbOuter to be set with Uuid and Sha256 fields.
+func (m *manifest) signatureString() (string, error) {
+	if m.pbOuter == nil {
+		return "", errors.New("pbOuter not set")
+	}
+	if len(m.pbOuter.Uuid) == 0 {
+		return "", errors.New("UUID not set")
+	}
+	if len(m.pbOuter.Sha256) == 0 {
+		return "", errors.New("SHA256 hash not set")
+	}
+
+	mh, err := multihash.Encode(m.pbOuter.Sha256, multihash.SHA2_256)
+	if err != nil {
+		return "", fmt.Errorf("failed to encode multihash: %w", err)
+	}
+	uuidStr := hex.EncodeToString(m.pbOuter.Uuid)
+	mhStr := hex.EncodeToString(mh)
+	return fmt.Sprintf("%s-%s-%s", MAGIC, uuidStr, mhStr), nil
+}

mfer/mf.pb.go

@@ -220,6 +220,8 @@ type MFFileOuter struct {
 	// and not for cryptographic integrity.
 	Size   int64  `protobuf:"varint,103,opt,name=size,proto3" json:"size,omitempty"`
 	Sha256 []byte `protobuf:"bytes,104,opt,name=sha256,proto3" json:"sha256,omitempty"`
+	// uuid must match the uuid in the inner message
+	Uuid         []byte `protobuf:"bytes,105,opt,name=uuid,proto3" json:"uuid,omitempty"`
 	InnerMessage []byte `protobuf:"bytes,199,opt,name=innerMessage,proto3" json:"innerMessage,omitempty"`
 	// detached signature, ascii or binary
 	Signature []byte `protobuf:"bytes,201,opt,name=signature,proto3,oneof" json:"signature,omitempty"`
@@ -289,6 +291,13 @@ func (x *MFFileOuter) GetSha256() []byte {
 	return nil
 }
 
+func (x *MFFileOuter) GetUuid() []byte {
+	if x != nil {
+		return x.Uuid
+	}
+	return nil
+}
+
 func (x *MFFileOuter) GetInnerMessage() []byte {
 	if x != nil {
 		return x.InnerMessage
@@ -463,6 +472,9 @@ type MFFile struct {
 	Version MFFile_Version         `protobuf:"varint,100,opt,name=version,proto3,enum=MFFile_Version" json:"version,omitempty"`
 	// required manifest attributes:
 	Files []*MFFilePath `protobuf:"bytes,101,rep,name=files,proto3" json:"files,omitempty"`
+	// uuid is a random v4 UUID generated when creating the manifest
+	// used as part of the signature to prevent replay attacks
+	Uuid []byte `protobuf:"bytes,102,opt,name=uuid,proto3" json:"uuid,omitempty"`
 	// optional manifest attributes 2xx:
 	CreatedAt     *Timestamp `protobuf:"bytes,201,opt,name=createdAt,proto3,oneof" json:"createdAt,omitempty"`
 	unknownFields protoimpl.UnknownFields
@@ -513,6 +525,13 @@ func (x *MFFile) GetFiles() []*MFFilePath {
 	return nil
 }
 
+func (x *MFFile) GetUuid() []byte {
+	if x != nil {
+		return x.Uuid
+	}
+	return nil
+}
+
 func (x *MFFile) GetCreatedAt() *Timestamp {
 	if x != nil {
 		return x.CreatedAt
@@ -527,12 +546,13 @@ const file_mf_proto_rawDesc = "" +
 	"\bmf.proto\";\n" +
 	"\tTimestamp\x12\x18\n" +
 	"\aseconds\x18\x01 \x01(\x03R\aseconds\x12\x14\n" +
-	"\x05nanos\x18\x02 \x01(\x05R\x05nanos\"\xdc\x03\n" +
+	"\x05nanos\x18\x02 \x01(\x05R\x05nanos\"\xf0\x03\n" +
 	"\vMFFileOuter\x12.\n" +
 	"\aversion\x18e \x01(\x0e2\x14.MFFileOuter.VersionR\aversion\x12F\n" +
 	"\x0fcompressionType\x18f \x01(\x0e2\x1c.MFFileOuter.CompressionTypeR\x0fcompressionType\x12\x12\n" +
 	"\x04size\x18g \x01(\x03R\x04size\x12\x16\n" +
-	"\x06sha256\x18h \x01(\fR\x06sha256\x12#\n" +
+	"\x06sha256\x18h \x01(\fR\x06sha256\x12\x12\n" +
+	"\x04uuid\x18i \x01(\fR\x04uuid\x12#\n" +
 	"\finnerMessage\x18\xc7\x01 \x01(\fR\finnerMessage\x12\"\n" +
 	"\tsignature\x18\xc9\x01 \x01(\fH\x00R\tsignature\x88\x01\x01\x12\x1c\n" +
 	"\x06signer\x18\xca\x01 \x01(\fH\x01R\x06signer\x88\x01\x01\x12*\n" +
@@ -564,10 +584,11 @@ const file_mf_proto_rawDesc = "" +
 	"\x06_ctimeB\b\n" +
 	"\x06_atime\".\n" +
 	"\x0eMFFileChecksum\x12\x1c\n" +
-	"\tmultiHash\x18\x01 \x01(\fR\tmultiHash\"\xc2\x01\n" +
+	"\tmultiHash\x18\x01 \x01(\fR\tmultiHash\"\xd6\x01\n" +
 	"\x06MFFile\x12)\n" +
 	"\aversion\x18d \x01(\x0e2\x0f.MFFile.VersionR\aversion\x12!\n" +
-	"\x05files\x18e \x03(\v2\v.MFFilePathR\x05files\x12.\n" +
+	"\x05files\x18e \x03(\v2\v.MFFilePathR\x05files\x12\x12\n" +
+	"\x04uuid\x18f \x01(\fR\x04uuid\x12.\n" +
 	"\tcreatedAt\x18\xc9\x01 \x01(\v2\n" +
 	".TimestampH\x00R\tcreatedAt\x88\x01\x01\",\n" +
 	"\aVersion\x12\x10\n" +

mfer/mf.proto

@@ -28,6 +28,9 @@ message MFFileOuter {
     int64 size = 103;
     bytes sha256 = 104;
 
+    // uuid must match the uuid in the inner message
+    bytes uuid = 105;
+
     bytes innerMessage = 199;
     // 2xx for optional manifest root attributes
     // think we might use gosignify instead of gpg:
@@ -72,6 +75,10 @@ message MFFile {
     // required manifest attributes:
     repeated MFFilePath files = 101;
 
+    // uuid is a random v4 UUID generated when creating the manifest
+    // used as part of the signature to prevent replay attacks
+    bytes uuid = 102;
+
     // optional manifest attributes 2xx:
     optional Timestamp createdAt = 201;
 }

mfer/scanner.go

@@ -46,6 +46,7 @@ type ScannerOptions struct {
 	IncludeDotfiles bool            // Include files and directories starting with a dot (default: exclude)
 	FollowSymLinks  bool            // Resolve symlinks instead of skipping them
 	Fs              afero.Fs        // Filesystem to use, defaults to OsFs if nil
+	SigningOptions  *SigningOptions // GPG signing options (nil = no signing)
 }
 
 // FileEntry represents a file that has been enumerated.
@@ -272,6 +273,9 @@ func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- S
 	s.mu.RUnlock()
 
 	builder := NewBuilder()
+	if s.options.SigningOptions != nil {
+		builder.SetSigningOptions(s.options.SigningOptions)
+	}
 
 	var scannedFiles FileCount
 	var scannedBytes FileSize

mfer/scanner_test.go

@@ -38,7 +38,7 @@ func TestNewScannerWithOptions(t *testing.T) {
 
 func TestScannerEnumerateFile(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, afero.WriteFile(fs, "/test.txt", []byte("hello world"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/test.txt", []byte("hello world"), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	err := s.EnumerateFile("/test.txt")
@@ -62,10 +62,10 @@ func TestScannerEnumerateFileMissing(t *testing.T) {
 
 func TestScannerEnumeratePath(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir/subdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("one"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("two"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/file3.txt", []byte("three"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir/subdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("one"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("two"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/subdir/file3.txt", []byte("three"), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	err := s.EnumeratePath("/testdir", nil)
@@ -77,9 +77,9 @@ func TestScannerEnumeratePath(t *testing.T) {
 
 func TestScannerEnumeratePathWithProgress(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("one"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("two"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("one"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("two"), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	progress := make(chan EnumerateStatus, 10)
@@ -101,10 +101,10 @@ func TestScannerEnumeratePathWithProgress(t *testing.T) {
 
 func TestScannerEnumeratePaths(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/dir1", 0755))
-	require.NoError(t, fs.MkdirAll("/dir2", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/dir1/a.txt", []byte("aaa"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/dir2/b.txt", []byte("bbb"), 0644))
+	require.NoError(t, fs.MkdirAll("/dir1", 0o755))
+	require.NoError(t, fs.MkdirAll("/dir2", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/dir1/a.txt", []byte("aaa"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/dir2/b.txt", []byte("bbb"), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	err := s.EnumeratePaths(nil, "/dir1", "/dir2")
@@ -115,10 +115,10 @@ func TestScannerEnumeratePaths(t *testing.T) {
 
 func TestScannerExcludeDotfiles(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir/.hidden", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/visible.txt", []byte("visible"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden.txt", []byte("hidden"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden/inside.txt", []byte("inside"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir/.hidden", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/visible.txt", []byte("visible"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden.txt", []byte("hidden"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/.hidden/inside.txt", []byte("inside"), 0o644))
 
 	t.Run("exclude by default", func(t *testing.T) {
 		s := NewScannerWithOptions(&ScannerOptions{Fs: fs, IncludeDotfiles: false})
@@ -141,9 +141,9 @@ func TestScannerExcludeDotfiles(t *testing.T) {
 
 func TestScannerToManifest(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content one"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content two"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file1.txt", []byte("content one"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file2.txt", []byte("content two"), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	err := s.EnumeratePath("/testdir", nil)
@@ -160,8 +160,8 @@ func TestScannerToManifest(t *testing.T) {
 
 func TestScannerToManifestWithProgress(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file.txt", bytes.Repeat([]byte("x"), 1000), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file.txt", bytes.Repeat([]byte("x"), 1000), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	err := s.EnumeratePath("/testdir", nil)
@@ -189,11 +189,11 @@ func TestScannerToManifestWithProgress(t *testing.T) {
 
 func TestScannerToManifestContextCancellation(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
 	// Create many files to ensure we have time to cancel
 	for i := 0; i < 100; i++ {
 		name := string(rune('a'+i%26)) + string(rune('0'+i/26)) + ".txt"
-		require.NoError(t, afero.WriteFile(fs, "/testdir/"+name, bytes.Repeat([]byte("x"), 100), 0644))
+		require.NoError(t, afero.WriteFile(fs, "/testdir/"+name, bytes.Repeat([]byte("x"), 100), 0o644))
 	}
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
@@ -223,7 +223,7 @@ func TestScannerToManifestEmptyScanner(t *testing.T) {
 
 func TestScannerFilesCopiesSlice(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, afero.WriteFile(fs, "/test.txt", []byte("hello"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/test.txt", []byte("hello"), 0o644))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
 	require.NoError(t, s.EnumerateFile("/test.txt"))
@@ -237,9 +237,9 @@ func TestScannerFilesCopiesSlice(t *testing.T) {
 
 func TestScannerEnumerateFS(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir/sub", 0755))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/file.txt", []byte("hello"), 0644))
-	require.NoError(t, afero.WriteFile(fs, "/testdir/sub/nested.txt", []byte("world"), 0644))
+	require.NoError(t, fs.MkdirAll("/testdir/sub", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/file.txt", []byte("hello"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/testdir/sub/nested.txt", []byte("world"), 0o644))
 
 	// Create a basepath filesystem
 	baseFs := afero.NewBasePathFs(fs, "/testdir")
@@ -297,7 +297,7 @@ func TestSendStatusNilChannel(t *testing.T) {
 func TestScannerFileEntryFields(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	now := time.Now().Truncate(time.Second)
-	require.NoError(t, afero.WriteFile(fs, "/test.txt", []byte("content"), 0644))
+	require.NoError(t, afero.WriteFile(fs, "/test.txt", []byte("content"), 0o644))
 	require.NoError(t, fs.Chtimes("/test.txt", now, now))
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})
@@ -316,12 +316,12 @@ func TestScannerFileEntryFields(t *testing.T) {
 
 func TestScannerLargeFileEnumeration(t *testing.T) {
 	fs := afero.NewMemMapFs()
-	require.NoError(t, fs.MkdirAll("/testdir", 0755))
+	require.NoError(t, fs.MkdirAll("/testdir", 0o755))
 
 	// Create 100 files
 	for i := 0; i < 100; i++ {
 		name := "/testdir/" + string(rune('a'+i%26)) + string(rune('0'+i/26%10)) + ".txt"
-		require.NoError(t, afero.WriteFile(fs, name, []byte("data"), 0644))
+		require.NoError(t, afero.WriteFile(fs, name, []byte("data"), 0o644))
 	}
 
 	s := NewScannerWithOptions(&ScannerOptions{Fs: fs})

mfer/serialize.go

@@ -4,8 +4,10 @@ import (
 	"bytes"
 	"crypto/sha256"
 	"errors"
+	"fmt"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/klauspost/compress/zstd"
 	"google.golang.org/protobuf/proto"
 )
@@ -47,14 +49,17 @@ func (m *manifest) generateOuter() error {
 	if m.pbInner == nil {
 		return errors.New("internal error")
 	}
+
+	// Generate UUID and set on inner message
+	manifestUUID := uuid.New()
+	m.pbInner.Uuid = manifestUUID[:]
+
 	innerData, err := proto.MarshalOptions{Deterministic: true}.Marshal(m.pbInner)
 	if err != nil {
 		return err
 	}
 
-	h := sha256.New()
-	h.Write(innerData)
-
+	// Compress the inner data
 	idc := new(bytes.Buffer)
 	zw, err := zstd.NewWriter(idc, zstd.WithEncoderLevel(zstd.SpeedBestCompression))
 	if err != nil {
@@ -64,16 +69,51 @@ func (m *manifest) generateOuter() error {
 	if err != nil {
 		return err
 	}
-
 	_ = zw.Close()
 
-	o := &MFFileOuter{
-		InnerMessage:    idc.Bytes(),
+	compressedData := idc.Bytes()
+
+	// Hash the compressed data for integrity verification before decompression
+	h := sha256.New()
+	if _, err := h.Write(compressedData); err != nil {
+		return err
+	}
+	sha256Hash := h.Sum(nil)
+
+	m.pbOuter = &MFFileOuter{
+		InnerMessage:    compressedData,
 		Size:            int64(len(innerData)),
-		Sha256:          h.Sum(nil),
+		Sha256:          sha256Hash,
+		Uuid:            manifestUUID[:],
 		Version:         MFFileOuter_VERSION_ONE,
 		CompressionType: MFFileOuter_COMPRESSION_ZSTD,
 	}
-	m.pbOuter = o
+
+	// Sign the manifest if signing options are provided
+	if m.signingOptions != nil && m.signingOptions.KeyID != "" {
+		sigString, err := m.signatureString()
+		if err != nil {
+			return fmt.Errorf("failed to generate signature string: %w", err)
+		}
+
+		sig, err := gpgSign([]byte(sigString), m.signingOptions.KeyID)
+		if err != nil {
+			return fmt.Errorf("failed to sign manifest: %w", err)
+		}
+		m.pbOuter.Signature = sig
+
+		fingerprint, err := gpgGetKeyFingerprint(m.signingOptions.KeyID)
+		if err != nil {
+			return fmt.Errorf("failed to get key fingerprint: %w", err)
+		}
+		m.pbOuter.Signer = fingerprint
+
+		pubKey, err := gpgExportPublicKey(m.signingOptions.KeyID)
+		if err != nil {
+			return fmt.Errorf("failed to export public key: %w", err)
+		}
+		m.pbOuter.SigningPubKey = pubKey
+	}
+
 	return nil
 }