> I've done some thinking about how this image signing device would have > to work. My guess is that the special compact flash card has two extra > things: As far as I see, it is a Smart Card, not a compact flash card.
> * A co-processor to compute the encryption That's right. A Smart card is a little computer. > * A hidden secret "key" unique to that card The key cannot be downloaded. You pass data to the card and you get the computed data back. > Even if the algorithm (f) is known and you have large numbers of image and > signature pairs there is no way to find the key better than brute force if > your algorithm is cryptographicaly "strong". The keys are probably at least > 64 bits long, and likely much longer. Usual key length for digital signature cards is 1024 bits. > The verification software would copy an image file to the card and compare a > newly computed signature with the one stored in the image header. You usually calculate a hash value of the image and upload just this 'fingerprint' to the card. The real issue is: Does the camera itself sign the images or is this signature performed after it has been downloaded to harddisk? Does the camera have keys on board or do they have to be uploaded? Pawel Nabe Office: +49 / 711 / 821 46606 PaN Super Sonic Software Service Private: +49 / 30 / 447 33 452 expert for hi tech & low budget Mobile: +49 / 171 / 267 54 63 * **** ******* *********************************************************** * For list instructions, including unsubscribe, see: * http://www.a1.nl/phomepag/markerink/eos_list.htm ***********************************************************
