I’m not expert in encryption, but I think you could store a key in the device that encrypts the hash, then that encrypted hash is verified by Leica servers?
Comment on New Leica camera stops deepfakes at the shutter
luthis@lemmy.nz 10 months ago
Maybe I am misunderstanding here, but what is going to stop anyone from just editing the photo anyway? There will still be a valid certificate attached. You can change the metadata to match the cert details. So… ??
aidan@lemmy.world 10 months ago
lolcatnip@reddthat.com 10 months ago
I don’t know about this specific product but in general a digital signature is generated based on the content being signed, so any change to the content will make the signature invalid. It’s the whole point of using a signature.
luthis@lemmy.nz 10 months ago
I was too tired to investigate further last night. That is the case here, sections of data are hashed and used to create the certs:
c2pa.org/…/C2PA_Specification.html#_hard_bindings
Which means that there isn’t a way to edit the photo and have the cert match, and also no way to compress or change the file encoding without invalidating the cert.
nutsack@lemmy.world 10 months ago
so it’s for jpeg shooters. unfortunately these bodies aren’t really known for producing good jpegs.