You'd make the camera reach out to a signing server for the user's signature. You'd even sign the whole photo, not a hash supplied by the camera, to give you (via the server) a chance to verify the image was correct.
Or, you'd adapt a hardware wallet to do the same. Either way, there'd be two devices from two manufacturers, communicating over a transparent protocol.
Or, you'd adapt a hardware wallet to do the same. Either way, there'd be two devices from two manufacturers, communicating over a transparent protocol.