Off-topic: standards for embedded signing of digital images?

Oli Kon olikon at
Sat Sep 11 20:53:57 CEST 2021

On 2021-09-10 8:00 p.m., Ryan McGinnis via Gnupg-users - 
gnupg-users at wrote:
> Years ago, I think Canon offered some kind of in-camera file format 
> that supposedly could prove that the file had not been tampered with.  

We appear to be talking about two different things here. Both Nikon
and Canon had developed a system which, purportedly, guaranteed that
an image file represented "a reality, as the camera has seen it".
This is no more possible than constructing a ~perpetum mobile~, for
no matter what the in-camera software and hardware did, the lens
could be simply pointed to a synthetic image that is a faked reality, 
and camera would be none the wiser. By that naive logic, we could
point the lens at the Botticelli's painting and camera would produce
a cryptgraphically signed file that guaranteed that the photographer
was present when Venus was born. Both Nikon and Canon quickly
realized the error of their ways and quietly dropped the whole idea.

Is is a completely different thing for an owner of a private
cryptographic key to sign a file, and clearly state what it is that
he or she guarantees. That is a trivial process but it requires
three things: a clear statement of what is it that the file signer
guarantees, a secure conveyance of matching public key into the hands
of the image user and a detached or "baked-into-file" signature.

Since all three things are required, I see no significant advantage
of an in-file (as opposed to a detached) signature.

More information about the Gnupg-users mailing list