Technical Guides

Verify, Then Sign: High-Trust C2PA for Photo Provenance

How Lumethic builds on C2PA's foundation with RAW file verification to create cryptographically-backed proof of photo authenticity for journalism and forensics.

ByLumethic Team
12 min read
Share

Verify, Then Sign: A High-Trust C2PA Implementation for Photographic Provenance

In an age where pixels lie, trust becomes a system property. This article explores how implementing C2PA with rigorous pre-signing verification creates cryptographically-backed proof of photographic authenticity.

Building on C2PA's Solid Foundation

The C2PA standard is a huge leap forward for digital trust. It provides a robust, consistent, and extensible framework for creating a verifiable history of digital assets. A C2PA manifest acts like a notarized chain of custody, letting anyone inspect the provenance of a file. It's a foundational layer for trust, and its importance cannot be overstated.

One of C2PA's greatest strengths is its intentional, content-agnostic design. The standard doesn't dictate what makes a piece of content authentic; instead, it provides a secure and interoperable format for anyone—a camera manufacturer, an editor, or an AI service—to make claims about that content. The trust model is based on signer identity, allowing consumers to decide who to trust for what. This flexibility is a feature, not a bug. It allows C2PA to adapt to countless use cases, from AI-generated art to legal evidence.

This extensibility creates an opportunity for implementers to build high-trust workflows for specific domains. For photojournalism, forensics, and other high-stakes fields where semantic truth is paramount, simply signing a file isn't enough. We need to verify the content before we sign it.

Key takeaway: This is the policy we've implemented at Lumethic: verify first, sign second. Our system is a C2PA-compliant pipeline that adds a crucial pre-flight check. Only once an image passes a gauntlet of computer-vision tests does it earn a C2PA signature. The resulting manifest isn't just a timestamp; it's a verifiable assertion that the JPEG is computationally linked to a specific RAW camera file. This is C2PA working as designed—leveraging its extensible framework to add a powerful, domain-specific layer of trust.

Authenticity and Integrity: Two Sides of the Same Coin

Let's be clear on two terms people often blur: authenticity and integrity are not the same, but both are essential for trust.

  • Integrity is cryptographic. It means the bytes of the file and its manifest haven't been tampered with since signing. C2PA provides this guarantee.
  • Authenticity is semantic. It means the content represents what it claims to represent.

You can have perfect integrity and zero authenticity. A deepfake signed by a well-meaning editor has flawless integrity. You can also have authenticity with broken integrity: a genuine photo recompressed by a CMS that stripped its signature.

C2PA provides the infrastructure to make claims about both. Its primary role is to guarantee the integrity of provenance claims. The responsibility for verifying the semantic authenticity of the content before signing falls to the implementer. This separation of concerns is what allows the standard to be so versatile. Our work focuses on building a rigorous, automated policy for that pre-signing verification step in photographic workflows.

Our Policy: A Verify-Then-Sign Workflow

Lumethic's implementation is built on a simple policy: before a JPEG can be signed, it must provide strong evidence of lineage to a camera RAW file. That evidence isn't based on metadata alone; it's computed from the pixels, noise, and structure of the images themselves.

The Six-Check Verification Suite

Our system runs a suite of six checks in parallel:

  1. RAW Integrity: Is the RAW file plausible? We check file size vs. resolution, sensor noise statistics, and other markers that synthetic RAWs often fail to mimic.
  2. EXIF Consistency: Compares key metadata fields between the RAW and JPEG, flagging implausible deviations.
  3. Structural Similarity (SSIM): Measures perceptual similarity to ensure the scene's structure is preserved through the edit.
  4. Perceptual Hashing: Computes multiple hashes (pHash, aHash, etc.) to ensure scene similarity despite tonal changes.
  5. Histogram Correlation: Compares RGB and HSV histograms to detect significant color or lighting manipulation.
  6. Face Identity Matching: Detects and compares faces to ensure no one has been swapped or removed.

Only if all six checks pass does the system proceed to sign the JPEG. Each check is threshold-based and probabilistic by nature—we're looking for strong evidence across multiple orthogonal signals. The AND-gate logic raises the bar considerably: an attacker must fool all checks simultaneously, which is exponentially harder than fooling any single detector.

Important: We're clear-eyed about what this is: a high-confidence probabilistic assertion, not cryptographic proof of authenticity. Well-crafted sophisticated forgeries might still slip through, which is why we emphasize transparency—publishing our thresholds and scores so the evidence can be independently evaluated.

Custom C2PA Assertions

Once verified, the JPEG is signed with a C2PA manifest that includes standard assertions plus a custom com.lumethic.verification assertion. This is a standard feature of C2PA, allowing implementers to define their own claim types. Our custom assertion contains:

  • Hashes of the verified RAW and JPEG (SHA-512)
  • Individual verificator scores and the thresholds used
  • The date and version of the verification pipeline
  • The hash of the normalized RAW rendition used for comparison

Any preexisting C2PA manifests are preserved as ingredients, ensuring a complete and backward-compatible chain of custody. This is C2PA's extensibility in action.

Why C2PA's Flexibility Is a Strength

A common refrain might be, "Why doesn't C2PA just do this itself?" The answer lies in the standard's robust design philosophy. C2PA provides the vocabulary for a signer to make a claim, and the cryptographic backing to prove who made the claim and when. It intentionally leaves the validation of the claim's content to the signer's policy and the consumer's trust model.

A bad actor can sign an AI-generated image and falsely claim it's a real photograph. C2PA, by design, will record that false claim with perfect fidelity. The cryptographic integrity is intact, but the semantic authenticity is not. The consumer, seeing the signature is from a known bad actor, can then choose to distrust the claim.

This is where implementation-level policies become critical. Our pre-verification step ensures that when our C2PA manifest claims an image is a genuine photograph derived from a specific RAW file, that claim has been computationally verified before we stake our reputation on it. We are using the C2PA framework to make a stronger, more trustworthy claim.

Critical Insight: Without this kind of responsible implementation, C2PA manifests could become cryptographic shells around unverified claims. With it, the assertions within the manifest gain powerful, verifiable grounding.

Inside the Architecture

Under the hood, our system is a high-reliability workflow engine. Each verification step is an independent, idempotent job.

The Verification Pipeline

The process starts by hashing both the RAW and JPEG (SHA-512) and extracting EXIF data. These hashes are used for caching and as immutable references in the final C2PA manifest, a standard practice.

A RAW rendition normalizer then produces a standardized comparison image—a version of the RAW cropped, rotated, and corrected to match the JPEG's field of view. This is non-trivial; small alignment errors can crater SSIM scores.

Once normalized, the verification suite runs in parallel. Each check emits a score and a pass/fail flag based on tuned thresholds. The final decision is a binary AND of all passes. This doesn't eliminate the probabilistic nature of each individual check, but it does mean that a sophisticated forgery must simultaneously defeat multiple independent signals to earn a signature.

Finally, the signer module generates the C2PA manifest using standard libraries, embedding our custom assertion alongside standard ones. This is a textbook example of how the C2PA spec is meant to be extended.

Workflow Stages

1. File Ingestion → Hash (SHA-512) + EXIF Extraction
2. RAW Normalization → Align, crop, rotate to match JPEG
3. Parallel Verification → Run all 6 checks simultaneously
4. Threshold Evaluation → Each check passes/fails
5. AND Gate → All must pass to proceed
6. C2PA Signing → Generate manifest with custom assertions
7. Manifest Embedding → Attach to JPEG with ingredient chain

Why This Implementation Matters

To the uninitiated, this might look like overengineering. Why not just trust camera-native attestations or AI-detection models?

Because those are complementary signals, not a complete solution.

Complementary to Camera-Native Attestations

Camera-native attestations are fantastic for establishing provenance at the moment of capture, but C2PA is still needed to track what happens after the file leaves the camera. Our RAW-to-JPEG check is a perfect complement, providing strong evidence of integrity for the first crucial editing step.

Superior to AI Detection Models

AI-detection models are useful for flagging synthetic content when you have no source file, but they are probabilistic and locked in an arms race with generative models.

Our approach, by contrast, builds a multi-layered probabilistic case from the ground up for a specific workflow: physics (sensor noise), structure (SSIM), and identity (faces). These are orthogonal signals that collectively raise the cost of forgery for anyone trying to pass off a manipulated image as a camera-original derivative.

No single check is foolproof, but fooling all six simultaneously is exponentially harder. For newsrooms, insurance firms, and courts, this matters.

🚀 Ready to verify your photos? Try Lumethic's photo verification platform with 5 free verifications, or contact us to learn more.

The Ethical Layer: Policy as Code

There's a subtle but important ethical shift here. In traditional provenance, you trust the signature because you trust the person. Our model enforces a policy where the content must meet a high evidentiary bar before a signature is granted. The system refuses to sign if the content fails verification, regardless of who submits it.

It's a form of algorithmic ethics, enforced as policy: the system enforces honesty by refusing to participate in unverifiable claims. In practical terms, this is also a liability shield. A newsroom using this pipeline can demonstrate due diligence. A photographer can show their published JPEGs passed rigorous multi-factor verification against their RAWs.

Real-World Applications

For Photojournalists: Prove your images are authentic derivatives of camera RAWs before submission.

For Forensic Investigators: Establish chain of custody with cryptographically-backed verification reports.

For Insurance Adjusters: Verify property damage photos haven't been manipulated.

For Legal Professionals: Present evidence with verifiable provenance in court proceedings.

Technical Trade-offs and Engineering Lessons

Of course, this model has costs. Verification requires the original RAW file, which limits its applicability to workflows where RAWs are available. The computations are expensive. And thresholds must be tuned carefully to balance false positives and false negatives—too strict and you reject genuine edits; too loose and forgeries slip through.

We don't claim to have eliminated this trade-off. What we've built is a transparent, multi-factor verification pipeline that raises the evidentiary bar significantly. Once an image is verified and signed, the downstream trust pipeline becomes simpler. Consumers can check the manifest, review the verification scores, and decide if they trust the signer's policy and thresholds.

Engineering Lessons Learned

A few engineering lessons learned from the field:

  • Lens correction matters: Optical distortion can reduce SSIM scores even on genuine images.
  • Face position gating is crucial: Matching face embeddings without first checking their position leads to false positives.
  • Preserve ingredient chains: When a JPEG already has a C2PA manifest, our new verification manifest must include the old one as an ingredient, as per the spec.
  • RAW heuristics beat AI detectors: AI-generated "RAWs" tend to fail simple physical checks—sensor noise variance, file size vs. bit depth, or EXIF coherence. These cheap tests catch what neural classifiers often miss.

The Counterarguments

Let's tackle the immediate objections head-on.

"This is just a policy, not a new technology."

Exactly. And that's the point. C2PA provides the protocol; responsible implementers must define and enforce strong policies. This article is a case study in what one such policy looks like.

"Most workflows don't have RAWs."

True, and this model is not for them. It targets high-stakes contexts: journalism, forensics, insurance, law enforcement. In those pipelines, RAWs exist. JPEG-only assets can still benefit from C2PA manifests, but they would require different verification policies.

"Thresholds can be gamed."

Yes, but gaming one signal isn't enough. Our implementation uses orthogonal checks. Passing all simultaneously raises attacker cost exponentially. And the thresholds are published in the manifest for anyone to audit, not kept secret.

"AI will soon mimic RAW perfectly."

Maybe, but then verification just becomes the next iteration of the arms race. The point isn't a permanent solution; it's maintaining a moving line of defense grounded in measurable evidence, with the flexibility to add new checks (like PRNU sensor fingerprinting) as they become viable.

Conclusion: A Call for Responsible Implementation

In an age where pixels lie, trust becomes a system property. C2PA provides the foundational infrastructure for that system. Our architecture—verification before signing, RAW-to-JPEG lineage proof, and dual-layer trust—is a prototype for a responsible, high-trust implementation built upon that foundation. It doesn't replace C2PA; it fulfills its promise.

By enforcing semantic verification before cryptographic signing, we aim to ensure that our provenance chains begin with strong evidence, not blind assumption. It transforms "who signed what and when" into "this JPEG passes rigorous verification against this RAW, according to a transparent and auditable policy."

That's not just a technical claim; it's a cultural one. It says we refuse to sign unreality. It says authenticity deserves as much engineering as encryption.

Key Takeaways

  • C2PA is a powerful, extensible framework for content provenance that intentionally separates cryptographic integrity from semantic authenticity
  • Verification before signing raises the evidentiary bar by enforcing pre-signing content validation
  • Multi-factor verification using orthogonal signals (physics, structure, identity) makes forgery exponentially harder
  • Transparency and auditability through published thresholds and scores enable independent evaluation
  • Responsible implementation is the key to making C2PA a true foundation for digital trust

Next Steps

If you're building systems that depend on truth, the responsibility is on you to implement C2PA with strong, transparent, and verifiable policies. Verify, then sign.

Additional Resources

Last updated: January 20, 2025 | Reading time: 12 minutes

Related Reading

Read next →
What Is C2pa
Read next →
Provenance Vs Ai Detection
Read next →
Forensic Photography Legal Cases Chain Of Custody Guide
#C2PA#Provenance#RAW Verification#Technical Deep Dive#Implementation