Technical Guides

Nikon's C2PA Recall: Why a Camera Signature Isn't Proof

Nikon revoked every C2PA certificate its Z6 III issued after the camera was tricked into signing a fake. What a camera signature proves, and what it cannot.

ByLumethic Team
8 min read
Share

In-camera Content Credentials are one of the better things to happen to photo provenance. Nikon, Canon, Sony, Leica, and Google now sign photos at the moment of capture, and Lumethic builds on the same C2PA standard. But a cryptographic signature answers a narrower question than most people assume. It tells you which camera or identity produced a specific set of bytes, and that those bytes have not changed since. It does not tell you that the bytes show a real, unaltered scene. In September 2025, Nikon's own Content Credentials recall turned that abstract distinction into a concrete one.

Here is what happened, why the cryptography was never the weak point, and what a signature can and cannot stand in for.

What happened to Nikon's Content Credentials

Nikon added C2PA Content Credentials to the Z6 III in firmware version 2.00, which reached cameras on August 27, 2025. Within about a week, a photographer and reverse engineer known as Adam Horshack showed how to make the camera sign an image it had never really captured.

The method used the camera's Multiple Exposure mode. Horshack first created a RAW file whose visible content was a graphic he had made in Photoshop, the words "Hacked by Horshack!" on a dark background, captured on a second Z6 III with Content Credentials switched off. He moved that unsigned RAW to the C2PA-enabled Z6 III, selected it as the first frame of a multiple exposure with overlay set to "Light", and took a second frame with the lens cap on. The camera blended the two and signed the result. Uploaded to the Content Authenticity Initiative's public verification tool, the forged file came back as a genuine, authentic photo captured by a verified Nikon Z6 III.

Nikon first said an investigation was ongoing, then suspended its Authenticity Service. It went further than a pause. In an email to users, the company said the digital certificates issued and loaded onto cameras between the service's launch and its suspension would be invalidated. That covered every certificate the program had produced. As of mid-2026 the service has not returned.

The cryptography worked exactly as designed

It is worth being precise about what failed, because it was not the cryptography. The Z6 III signed the manipulated file correctly. The signature was mathematically valid, the certificate chain checked out, and the verification tool was right to report that a genuine Nikon Z6 III had produced the file. Every cryptographic claim in the manifest was true.

The problem sits one level up, in what those true claims mean. C2PA attests to provenance and integrity. It records which identity signed a file and proves the bytes have not changed since. Neither of those facts says anything about whether the bytes began as light hitting a sensor or as a graphic loaded through a side door. Horshack did not break the signature. He fed the signer content of his own choosing and let the signature vouch for it.

What a camera signature actually proves

This is the distinction that matters for anyone relying on Content Credentials. A camera signature is a strong answer to the question "did this specific device produce this exact file, unchanged since". It is not an answer to the question "is this a truthful photograph of something that happened". Most people read a green Content Credentials badge as the second thing. It only ever meant the first.

The gap opens wherever a camera will sign something other than a plain single capture. In-camera multiple exposures and composites produce files the sensor did not record in one frame, and a signing step that runs after those operations will certify the output all the same. A signature is only as trustworthy as everything that happened before it.

This is not a Nikon problem

None of this is a reason to single out Nikon. The company shipped the feature early, responded within days, and withdrew its certificates rather than leave a known hole open. Any camera that signs at capture inherits the same structural question, and the industry is moving toward capture-time signing across the board, which on balance is good for everyone. Canon, Sony, Leica, and Google's Pixel line all sign photos now. The Nikon case is simply the clearest public demonstration of a property every one of them shares.

The recall also exposed a second, quieter gap. Once Nikon invalidated its certificates, you might expect images signed with them to start failing verification. They do not, at least not automatically. The common C2PA validation tools do not check revocation status by default, so a photo signed with a withdrawn certificate can still pass. Horshack filed a request for the standard tooling to make revocation checking its default behavior. Until validators do, trust in a signature depends on software well outside the camera maker's control.

Verify the content, then trust the signature

The fix is not to abandon signatures. It is to stop treating a signature as evidence of authenticity on its own, and to verify the content before trusting the credential. That means examining the relationship between a camera's original RAW and the image it supposedly produced, and looking at the sensor-level evidence a real exposure leaves behind, such as its noise statistics and the physical fingerprint of the specific sensor. A genuine capture carries that evidence. A graphic routed through a multiple-exposure trick does not.

This is the order Lumethic works in, and we describe it in detail in verify, then sign. Verification comes first, as forensic analysis of the actual pixels and the RAW behind them. The C2PA signature comes second, once there is something real to vouch for. A signature applied that way means what people already assume it means. A signature applied before any verification, as the Nikon case showed, can be made to mean nothing.

What this means if you rely on Content Credentials

If you depend on Content Credentials, the practical takeaways are short. Treat a valid signature as proof of who signed and that the file is unchanged, not as proof that the image is a faithful photograph. For anything high-stakes, like a contest entry or a news photo, keep the original RAW and verify it independently rather than trusting the badge alone. And when you inspect a credential, remember that a passing check does not currently confirm the certificate is still valid.

You can inspect an image's Content Credentials to see exactly what a manifest claims, which is often less than the badge implies. Provenance signing and forensic verification are not competitors. They answer different halves of the same question, and the Nikon recall is the cleanest evidence yet that you need both.

Frequently Asked Questions

Can C2PA Content Credentials be faked?

The signature itself is very hard to forge, and in the Nikon case it was not forged. What can be manipulated is the content that gets signed. In September 2025 a researcher used the Nikon Z6 III's multiple-exposure mode to make the camera sign an image it had not really captured. The credential was cryptographically valid but vouched for manipulated content.

What did Nikon do about the Z6 III C2PA vulnerability?

Nikon suspended its Authenticity Service shortly after the vulnerability was disclosed on September 4, 2025, and invalidated every certificate issued between the feature's launch on August 27, 2025 and the suspension. As of mid-2026 the service has not been restored.

Does a C2PA signature prove a photo is real?

No. It proves which identity signed the file and that the file is unchanged since signing. It does not prove the content is an unaltered capture of a real scene. Establishing that requires forensic verification of the image and its RAW original.

Is C2PA still worth using after the Nikon recall?

Yes. The cryptography worked as designed, and provenance signing remains valuable. The lesson is that a signature should follow verification of the content rather than stand in for it. Lumethic uses a verify-then-sign order for exactly this reason.

Why do revoked C2PA certificates still pass verification?

Because common validation tools do not check certificate revocation by default. A photo signed with a certificate that has since been withdrawn can still show as valid until the tooling is changed to check revocation, which was one of the fixes requested after the Nikon case.


A camera signature is a useful fact. It is just a smaller fact than the badge suggests. If you want to know that an image is a genuine capture, and not only that a camera signed it, Lumethic verifies photos against their RAW originals, with the first checks free and no account required.

Related Reading

#C2PA#Provenance#Content Credentials#RAW Verification#Cameras