Photojournalism – Do DSLRs offer in-camera file encryption?

Canon used to sell a data validation kit that signed pictures for review EOS-1Ds Mark III and EOS-1D Mark III (just). However, the review aspect was very poor and was called into question. The answer from Canon was to stop the product and release a weasel note that admits it does not work without saying it.

This does not necessarily mean that the encryption aspect does not work, because if done correctly, this is a simpler problem than checking (which attempts to sign something while hiding the ability to sign-inherently flawed). I disagree with another answer stating that it is practically impossible, but I can not find any good documentation on how the system was implemented by Canon (in general, good security has an open design) and would do so at Canon definitely do not trust it.

Lexar has sold a CF card that, in combination with the Nikon D200, requires hash-based authentication before the card can be accessed. This was sometimes shown as encryption, but it was not. More information can be found in this blog post by security expert Bruce Schneier and in the comments. In short, no real encryption – and for current cameras anyway not available.

Even if you could encrypt properly in the camera, I'm pretty sure that in any situation where you can do it by taking photos on an encrypted device where you refuse to turn the keys over, bother or otherwise punish them Not. For example, this is the law in the UK. And in the US, when the prosecution knows about the existence of incriminating files, the courts have ruled that it is not a violation of the fifth amendment that requires the transfer of files. In totalitarian situations, you may not even get such a big benefit. (Suppose, for example, you are in China – it is illegal there per se To have encryption software on your computers without declaring them.)

You can use something like a multi-tier encryption system with a chaff and a wrong "safe" partition, but if the government thinks you're up to it, it probably will not really help.

It might be possible to encrypt the CHDK or even Magic Lantern firmware hacks, but I think it's complicated and big enough that I would not count on it. Another approach might be an Android app, but you should be very careful that the data never hits Flash unencrypted, and I'm not sure how the camera API internals work. Unfortunately, such an app is not known to me.

To be sure, you must use a public-key algorithm that encrypts with both the public key and the private key elsewhere – You have no way to check the images on the device. This is a little impractical, but nothing more than the inconvenience of waiting until you come to a lab to see what's on a movie roll.

If you are sure of the security of your desktop or laptop, you can keep the private key there. If you plan to edit or manipulate the photos on this device, this is already the weak link. In some situations, this may not be enough and you can leave the private key in an absolutely secure location. Keeping the key in another country at home can have other benefits, as it is plausibly impossible to say that she can solve the mystery. (It might not be good for you shebut the data would remain safe.) In practice, a medium-sized key provides protection for all meaningful attacks, and a larger key continues until all people living today are dead, NP have the value P, or quantum computers become a reality (which is certainly at least a while away)

However, I am not aware of any camera or app that does any of this.

Therefore, it is best if you keep very few files on the cards and completely destroy the cards after use. (Simply deleting, even with a secure delete application, is not enough, and according to your previous question, it's not enough to bite and swallow the card.) Of course, this does not protect you from other risks directly related to the Exposure of your pictures.