AW: Can gpg be used for INLINE signing of multimedia?

Huels, Ralf SCORE Ralf.Huels@schufa.de
Fri Jun 28 14:35:02 2002


> Is it possible to use gpg signing as a parasite to image or audio files,
in
> order to guarantee autenthicity of the content?

Make a detached Signature and ship it together with the image.
`gpg --detach yourimage.jpg` (optionally with -a) will produce a signature
file yourimage.jpg.gpg or yourimage.jpg.asc, that you can later use to
verify the image.

The signature won't be an integral part of the image, you will have to ship
two files and this won't work without the recipient noticing.
I don't know if there is a possibility of putting a signature in an image
file. I guess there would be some recursion trouble (putting the
verification
code inside the data that is to be verified) unless you have an image format
that allows for comment fields.

I usually sign a list with message digests of several images and send the 
signature through http://www.itconsult.co.uk/stamper.htm, in case I might
have to prove authorship. I don't know, if such a proof would hold water
in a german (or any other) court, but it's better than nothing.

Tschuess,
Ralf