Off-topic: standards for embedded signing of digital images?

Стефан Васильев stefan.vasilev at posteo.ru
Sun Sep 12 01:54:08 CEST 2021


Mark H. Wood wrote:

> I didn't know where else to turn, for folks who might be able to point
> me at standards for or discussion of embedding crypto signatures in
> image formats, to detect tampering with the image.

I do not know any, but I'd like to add my POV. Let's say GnuPG could
digitally sign a .png image, i.e. inserting the signature
steganographically in the image, and later a user could verify the
steganographically embedded signature. What happens if Eve uses Photoshop,
does a slight image correction and re-saves the image? It would IMHO then
give a user an invalid signature or none.

Sending images over the Internet, say from an authorized photostudio
(passport photos etc.), can only be safely transmitted (openly) IMHO if
the photostudio would embed the image in, for example, a digitally
signed .pdf, containing an eIDAS[1] signature, guaranteeing globally
that the image in the .pdf was signed by an authorized photostudio and
not manipulated by a middleman while in transfer.

[1] eIDAS is the Digital Signature Standard in the EU for .pdf documents,
which can be verified with the free Adobe Reader.

Regards
Stefan
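
The re-save scenario described in the message above, as an added example that is not part of the original post and is not GnuPG code. Assumptions: an HMAC-SHA256 tag with a constructed key stands in for the OpenPGP signature so the sketch needs only the standard library, and a constructed 32x32 grayscale buffer stands in for decoded .png pixel data.

```python
import hashlib
import hmac

SIG_BITS = 256  # SHA-256 tag length in bits; one carrier pixel per bit
DEMO_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a signature


def _tag(pixels: bytes, key: bytes) -> bytes:
    """MAC over the pixels with the carrier LSBs cleared."""
    cleared = bytes(p & 0xFE for p in pixels[:SIG_BITS]) + bytes(pixels[SIG_BITS:])
    return hmac.new(key, cleared, hashlib.sha256).digest()


def embed(pixels: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Hide the tag in the least significant bits of the first 256 pixels."""
    if len(pixels) < SIG_BITS:
        raise ValueError("image too small to carry the tag")
    tag = _tag(pixels, key)
    out = bytearray(pixels)
    for i in range(SIG_BITS):
        bit = (tag[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def verify(pixels: bytes, key: bytes = DEMO_KEY) -> bool:
    """Extract the hidden tag and compare it with a freshly computed one."""
    if len(pixels) < SIG_BITS:
        return False
    found = bytearray(SIG_BITS // 8)
    for i in range(SIG_BITS):
        found[i // 8] |= (pixels[i] & 1) << (7 - i % 8)
    return hmac.compare_digest(bytes(found), _tag(pixels, key))


def brighten(pixels: bytes, delta: int = 1) -> bytes:
    """A 'slight correction': raise every pixel by delta, clamped to 255."""
    return bytes(min(255, p + delta) for p in pixels)


# Constructed 32x32 grayscale gradient standing in for decoded image pixels.
IMAGE = bytes((x * 7 + y * 3) % 256 for y in range(32) for x in range(32))
SIGNED = embed(IMAGE)
```

verify(SIGNED) succeeds, while verify(brighten(SIGNED)) fails even though the brightened copy differs from the signed one by at most one grey level per pixel.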





