Off-topic: standards for embedded signing of digital images?

Ryan McGinnis ryan at digicana.com
Sun Sep 12 04:31:08 CEST 2021


No, I think what Canon and Nikon attempted to implement was something that, when paired with a validation software, would say with certainty "this is exactly what the camera wrote to the card".  It wasn't saying anything about whether what was being photographed was real or faked, merely that after the image file was written it wasn't tampered with.  It's a chain of custody thing.  Sorta like signing software -- the signature doesn't mean the software isn't a Trojan, it just means that the software has been signed by whatever key it was signed by, and you decide what that signature means to you.

Unfortunately they never really got the standard down, which is kinda funny since it's the kind of thing that can almost certainly be done.  I guess there just wasn't much of a market for it.  (Probably because altering photos undetectably is very hard to do -- you don't need digital signatures to see that the DA used the clone tool to put the gun in the killer's hand)

-Ryan McGinnis

ryan at digicana.com

http://bigstormpicture.com

5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Saturday, September 11th, 2021 at 2:53 PM, Oli Kon via Gnupg-users <gnupg-users at gnupg.org> wrote:

> On 2021-09-10 8:00 p.m., Ryan McGinnis via Gnupg-users -
> 

> gnupg-users at gnupg.org wrote:
> 

> > Years ago, I think Canon offered some kind of in-camera file format
> > 

> > that supposedly could prove that the file had not been tampered with.
> 

> We appear to be talking about two different things here. Both Nikon
> 

> and Canon had developed a system which, purportedly, guaranteed that
> 

> an image file represented "a reality, as the camera has seen it".
> 

> This is no more possible than constructing a ~perpetum mobile~, for
> 

> no matter what the in-camera software and hardware did, the lens
> 

> could be simply pointed to a synthetic image that is a faked reality,
> 

> and camera would be none the wiser. By that naive logic, we could
> 

> point the lens at the Botticelli's painting and camera would produce
> 

> a cryptgraphically signed file that guaranteed that the photographer
> 

> was present when Venus was born. Both Nikon and Canon quickly
> 

> realized the error of their ways and quietly dropped the whole idea.
> 

> Is is a completely different thing for an owner of a private
> 

> cryptographic key to sign a file, and clearly state what it is that
> 

> he or she guarantees. That is a trivial process but it requires
> 

> three things: a clear statement of what is it that the file signer
> 

> guarantees, a secure conveyance of matching public key into the hands
> 

> of the image user and a detached or "baked-into-file" signature.
> 

> Since all three things are required, I see no significant advantage
> 

> of an in-file (as opposed to a detached) signature.
> 

> Gnupg-users mailing list
> 

> Gnupg-users at gnupg.org
> 

> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210912/4af0e778/attachment.sig>


More information about the Gnupg-users mailing list