Ive thought about it. The drawback is that the host may want to modify the file (i.e. compression). I’m sure there is an elegant solution but i haven’t worked it out yet. Probably should open an issue for it.
Discussion
I see, in that case, I guess one way is to let the host mapping the original hash and modified hash, or use two steps for signing, eg host sends the modified hash to client after compression, and client signs it back.