Off-topic: standards for embedded signing of digital images?
stefan.vasilev at posteo.ru
Sun Sep 12 01:54:08 CEST 2021
Mark H. Wood wrote:
> I didn't know where else to turn, for folks who might be able to point
> me at standards for or discussion of embedding crypto signatures in
> image formats, to detect tampering with the image.
I do not know any, but like to add my POV. Let's say GnuPG could
digitally sign a .png image, i.e. inserting the signature
in the image and later a user could verify the steganographically
signature. What happens if Eve uses Photoshop and does a slightly image
correcting and re-saves the image? It would IMHO give a user then
an invalid signature or none.
Sending images over the Internet, say from an authorized photostudio
(passport photos etc.) can only be savely transmitted (openly) IMHO if
the photostudio would embedd the image in an, for example, digitally
signed .pdf, containing an eIDAS signature, guaranteeing globally
that the image in the .pdf was signed by an authorized photosudio and
not manipulated by a middleman, while in transfer.
 eIDAS is the Digital Signature Standard in the EU for .pdf
which can be verified with the free Adobe Reader.
More information about the Gnupg-users