It's possible if all the plugins have to be "certified" by a trusted party, such as yourself.
The signature could be the MD5 Message Digest of the plugin file, concatenated with a "secret word" known only to the trusted party.
$plugin_signature = md5($secret_word . $plugin_file_contents);
When computing the signature, you'd want to strip trailing whitespace from $plugin_file_contents, so that you get the same signature regardless of the platform.
------------
P.S. Never mind, that wouldn't work. I'll leave this here for the moment, though, in case I think of something better.
