Why aren’t cryptographic signatures wrapped around digital images in order to bolster their authenticity? Such a scheme would be strong proof that an image taken with a digital camera did in fact originate from that digital camera. Thus, if someone claims to have photographed E.T., we could at least say that the image hadn’t been digitally altered.
This would also be useful for protection against phishing. A image’s signature could include the website an image is supposed to be viewed from. Any scammer including a logo from the FBI in their email would raise flags in the recipients’ email client, which would compare the image’s source to the source encoded in the signature. If the FBI logo was intended to be served from www.fbi.gov, the email client could immediately warn the recipient that something funny is going on.
Yes, there would be ways around it but faking a legitimate image would be challenging. A scammer could always design his own, unsigned image or remove the signature through a screen capture. However, without the FBI’s cryptographic key being used to sign the image, the scammer could not fake the image’s signature as being from the FBI’s website.
It wouldn’t be a perfect solution to prevent fraud but it would be an important tool to prove a digital image’s validity.
You have read “Why Johnny Can’t Encrypt” right? http://www.gaudior.net/alma/johnny.pdf
It’s about PGP 5.0 but it’s applicable to most all encryption programs. 🙁