Off-topic: standards for embedded signing of digital images?

Valtteri Vuorikoski vuori at notcom.org
Thu Sep 9 10:36:10 CEST 2021


"Mark H. Wood via Gnupg-users" <gnupg-users at gnupg.org> writes:

> I didn't know where else to turn, for folks who might be able to point
> me at standards for or discussion of embedding crypto signatures in
> image formats, to detect tampering with the image.

While you can technically embed some kind of signature in pretty much
any image format's XMP or EXIF metadata (and some cameras do), the only
graphic format with a reasonably well-defined and supported signature
scheme is probably PDF.

Unfortunately PDF's complex structure makes correct implementation
difficult and most vendors (including Adobe) have had numerous issues:
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf

You may be interested in the Adobe et al. Content Authenticity
Initiative, though that scheme's compatibility with open-source software
seems dubious.

 -Valtteri
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210909/387da9d8/attachment.sig>


More information about the Gnupg-users mailing list