Originally Posted by Chang
If I want to sign my epub file, I would have to create separated file which contains my signature. Is there a way to sign my epub file without the file format being changed or creating a separated signature file?
Indeed, you would have to include the signature in a separate file, and if you add it to the epub, the signature is no longer valid. My idea was including a signature not of the whole epub file, but only of the main text. Say you have "text.xhtml" in your epub, then you add "text.gpg" too, which contains the signature for text.xhtml. Since text.gpg is only referenced in the manifest, but not used anywhere, users may not easily see it; if you add some plain-text watermark to text.xhtml, it could serve as a sort of backup watermark (a malicious user thinks he's quite smart and deletes the watermark from text.xhtml, but doesn't remove text.gpg; now you find the epub file in the darknet and see it does not have the plain-text watermark, but if you store a database of signatures, you can detect which file it originally was from text.gpg). Of course, it does nothing to prevent another user to remove text.gpg as well.
As charleski says, the concept is somehow opposite to normal watermarking. It depends on what your intent is. If you want to mark every epub file differently so you can eventually detect which copy was leaked to the darknet, I would recommend multiple "watermarks": Some plain-text identification visible in the book, a <meta> tag in the OPF, comments metadata in pictures (the cover picture or some logo would be good candidates), and maybe something else (comments in HTML, CSS, or NCX files).
If you are feeling clever, you could devise some way of coding an identifier by including typos or slight changes in the text: sometimes there are several correct spellings for a word, or a comma/semicolon change could be harmless, or whether or not there is a paragraph break...