Off-topic: standards for embedded signing of digital images?

Ryan McGinnis ryan at digicana.com
Fri Sep 10 22:00:55 CEST 2021


Years ago, I think Canon offered some kind of in-camera file format that supposedly could prove that the file had not been tampered with.  Eventually exploits were found that rendered it unreliable.  https://hk.canon/en/support/to-users-of-the-original-data-security-kit-osk-e3-original-data-verification-kit-dvk-e1-or-dvk-e2-accessories-for-digital-slr-cameras/notice   I suppose if you were going to engineer a spec like that today you'd have each camera have it's own key that it used (maybe alongside a baked-in manufacturer key) to sign the relevant guts of RAW files of each shot it took.  But this would really only be useful in a true forensics type situation, as most photographers end up editing and altering photos with programs like Lightroom before they call them "done".   


As it is, most of the time people look for image tampering not through signatures but rather by looking for telltale signs of the artifacts left behind by common forms of tampering.  https://belkasoft.com/forgery-detection

-Ryan McGinnis

ryan at digicana.com

http://bigstormpicture.com

5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Thursday, September 9th, 2021 at 5:43 AM, Oli Kon via Gnupg-users <gnupg-users at gnupg.org> wrote:

> On 2021-09-08 4:53 p.m., Mark H. Wood via Gnupg-users -
> 

> gnupg-users at gnupg.org wrote:
> 

> > I didn't know where else to turn, for folks who might be able to point
> > 

> > me at standards for or discussion of embedding crypto signatures in
> > 

> > image formats, to detect tampering with the image.
> 

> There are no standards that I have ever heard about that would
> 

> be specific to ~image~ files; so I would ask this:
> 

> Which particular image file type are you interested in (.jpg,
> 

> .tiff, .png, .bmp, .psd...) are you interested in, and why is it
> 

> not appropriate to simply consider such file as another binary
> 

> file that someone needs to digitally sign?
> 

> Gnupg-users mailing list
> 

> Gnupg-users at gnupg.org
> 

> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210910/53af02bf/attachment.sig>


More information about the Gnupg-users mailing list