Off-topic: standards for embedded signing of digital images?

Mark H. Wood mwood at iupui.edu
Fri Sep 10 15:28:27 CEST 2021


On Thu, Sep 09, 2021 at 10:43:05AM +0000, Oli Kon via Gnupg-users wrote:
> On 2021-09-08 4:53 p.m., Mark H. Wood via Gnupg-users - 
> gnupg-users at gnupg.org wrote:
> > I didn't know where else to turn, for folks who might be able to point
> > me at standards for or discussion of embedding crypto signatures in
> > image formats, to detect tampering with the image.
> 
> There are no standards that I have ever heard about that would
> be specific to ~image~ files; so I would ask this:
> 
> Which particular image file type are you interested in (.jpg,
> .tiff, .png, .bmp, .psd...) are you interested in, and why is it
> not appropriate to simply consider such file as another binary
> file that someone needs to digitally sign?

Formats:  first of all .jpg, but really any image format that can bear
signature data.

Why are image files special?  They aren't.  For every type of
structured file, one must consider the structure of the file type in
order to insert a signature without disrupting the other content, to
identify the content which should be covered by the signature, and to
locate the signature data.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210910/50e05898/attachment.sig>


More information about the Gnupg-users mailing list