Sidecar usability improvements

[jcushman]

Goal

I'm working on an archiving project where I need to write provenance chains for arbitrary files. I was hoping to use c2patool to sign these files via the sidecar support. I hoped that something like this would work:

c2patool myfile -s <some params> -- write the sidecar to myfile.c2pa. c2patool myfile myfile.c2pa -- validate myfile using myfile.c2p.

I found a few issues doing this, some bigger than others.

Sidecar usability issues

• [ ] -s accepts arbitrary file extensions, but not no file extension. Signing a file without an extension results in "Error: Missing extension output".
• [ ] No way to specify sidecar output file path. Sidecar is mandatorily written to output path with .c2pa.
• [ ] c2patool -s writes a mandatory copy of the original input file (#134)
• [ ] No (documented) way to verify a file with a sidecar. Once you have a sidecar it's not clear what to do with it to validate the file.

I'm not sure the cleanest way to sort this out, but maybe it's just that -s needs to take a file path. Something like:

• c2patool myfile -m manifest.json -s myfile.c2pa: write signature to sidecar
• c2patool myfile -s myfile.c2pa: verify signature from sidecar

I hope this is helpful -- it's my first time trying the tool so I may be confused.

[jcushman]

Oh, I'm also not clear how sidecar support works with multiple/repeated signatures, but I didn't get far enough to experiment with that.