Can digital cameras sign images to prove authenticity?

Yes, they can sign images.

This should prove authenticity although a team claims to have cracked Canon's implementation. Another team did the same for Nikon.

So this is like most digital security issues, it will prove authenticity or monumental effort to circumvent it ;)

The inherent problem here is that if you have physical access to the device that can sign/decrypt the data, you can always break the security. So it is fundamentally impossible, while you can make it harder by using various tricks.

Based on the mix of tags applied to this question, I think there is an important distinction to be made. While there may be technologies which prove an image is unaltered at a digital level, that does not extend to the content as it might be applied with respect to the photojournalism tag. Suppose I take a lemon and paint it the appropriate shade of green. I then take a picture. I may be able to prove to you the picture is unaltered, but it is still a picture of a lemon and not a lime. Ethics aside, I'm not sure you can apply the same analysis to the journalism as to the image.

is it possible to prove that an image is authentic?

I've been told that Japanese police are using cameras with "tamper-proof storage". As far as I can tell, they are ordinary off-the-shelf digital cameras, with special write-once read-many (WORM) storage cards.

The Canon image authentication kit can do this. As with anything related to security, there are technical and physical aspects. Others have pointed out the technical aspects have been called into question, but they still apply assuming you have good physical security. The kit includes an sd card, and it is important to verify where the card has been, and in whose possession at all times. Only then, along with the software kit, can you be assured of authenticity.

http://www.canon.co.jp/imaging/osk/index.html

In general the software on most cameras does not support this, but in theory it is definitely possible. The camera could directly encrypt the image with a public key and since it can only be decrypted with the private key, that could be held only by whoever needs to verify the images. For more details on what is meant by public and private keys, look up RSA Encryption and/or read https://en.wikipedia.org/wiki/Public-key_cryptography for a general overview.

People that hacked the NX300 firmware were able to get very close to this (only downside was that the image was still being written to the card once before being encrypted and deleted, a deeper knowledge of the firmware could change avoid the initial write).
https://sites.google.com/site/nxcryptophotography/

I am not aware of any commercial camera supporting a feature like this from the factory.

If the image is still meant to be viewable, then invisible sorts of signatures can be used (look up "steganography"), but in general these can still be manipulated. Some forms might be altered by manipulation, so there is some potential to detect inauthentic versions.

Itai's answer does mention an attempt at verification that Canon and Nikon made, but doesn't go into the details, and neither did the links. In the case of Nikon:

"ElcomSoft research shows that image metadata and image data are processed independently with a SHA-1 hash function. There are two 160-bit hash values produced, which are later encrypted with a secret (private) key by using an asymmetric RSA-1024 algorithm to create a digital signature. Two 1024-bit (128-byte) signatures are stored in EXIF MakerNote tag 0x0097 (Color Balance).

During validation, Nikon Image Authentication Software calculates two SHA-1 hashes from the same data, and uses the public key to verify the signature by decrypting stored values and comparing the result with newly calculated hash values.

The ultimate vulnerability is that the private (should-be-secret) cryptographic key is handled inappropriately, and can be extracted from camera. After obtaining the private key, it is possible to generate a digital signature value for any image, thus forging the Image Authentication System." -- https://blog.elcomsoft.com/2011/04/nikon-image-authentication-system-compromised/

So they commit the cardinal sin of cryptography, the private key really should not be on the camera, or if it is, it needs to itself be encrypted in a way that prevents extraction. This is of course quite difficult, and the private keys should probably be created/distributed by a channel completely independent of the camera. The method above for the NX300 would only require the public key to be on the camera, but has it's own downsides, like not having previews on camera (the image is encrypted and with no private key it can't be decrypted on the camera). Of course the camera could keep both the encrypted and never-encrypted version, in which case the never-encrypted one can be considered a sort of preview of the official authentic image, which is strictly speaking never seen until authenticated by decryption with the private key.

In the court case scenario this would mean that these private keys would need to be held by the courts, not be those taking the photos or that might deal with them along the way. In the case of photojournalism the private keys could be held by the editors or by independent regulatory bodies. From a marketing standpoint these are a bit difficult to set up, since these individuals and institutions would need to learn how to create private/public key pairs and to distribute the public keys and how people are meant to load the public key to their camera, and people would need to be storing a bunch of encrypted photos they're never going to see as 'just in case' evidence. In the IT space this sort of thing is common enough though, e.g. there are many tutorials on setting up these kinds of keys for SSH.

Edit1: Changed to not say the private key is used on the camera, I think it is not but is just stored there.
Edit2: The hashing approach they use is space saving, but even without the private key it may be possible to make edits to the photo that conform with the hashes in some constrained way.

If the camera signs the image, then you can prove that the image hasn't been altered since it was taken by that particular camera.

In many cases, we apply some post processing. And just using another RAW converter, such as Adobe Camera Raw or Capture One is also post processing in that respect. The file you distribute did not originate from the camera.

Another problem is that each camera would need it's own unique digital signature for this, a process that would make production more complex.

So a much more practical application is to sign it with a digital signature belonging to the photographer. Then anybody can verify that the picture originates from that photographer, and has not been tampered with.

Although I have a good knowledge on cryptographic signatures in general, I am not an expert in how to apply this to photographs, and standards that could apply. This paper however touches on that subject: http://people.csail.mit.edu/kimo/publications/jpeg/tifs11a.pdf