Latest
Photography Chain of Custody Experiment  ·  The Best Camera Is Not The One You Have With You  ·  GAS Lives Between Expectation and Reality  ·  The Life of Others  ·  May is Mental Health Month  ·  Separating the Photograph from Its Birth  ·  Never Delete Any Photo  ·  Faces Don't Matter  ·  Teaching Photography #7: Keeping Gear in Its Place  ·  Photography Zine Exchange Launch
✦ opinion

Photography Chain of Custody Experiment

5 June 2026  ·  cedric

Projects change. Photographs move from person to person, from tool to tool. A crime-scene photo passes from the investigator’s camera to a forensic analyst’s workstation to a prosecutor’s presentation software. A heritage digitisation travels from the conservator’s studio through an editor’s desktop to a public archive. At each step someone asks: is this still the original file, or has it been altered?

The Chain of Custody library answers that question with cryptography, not blind trust.

Photo-Verify proof of concept

I talked a while back about how, in a world of AI, chain of trust becomes the only mechanism that can maintain the integrity of photographic information. I reused the idea for my book which was nearly entirely on that subject. Someone mentioned in my Substack comments recently that it would be a good idea to have a mechanism for that.

The idea in short is that you trust some photographers because of reputation, because you know them, or because you know someone you trust who trusts them (and so on). But between the photographer’s act of creation and you, a lot can happen to a photograph: it can be resized, resampled, manipulated, or published and republished. How do you know when you see a photograph on an online newspaper for example if you should trust it? You can’t trust the newspaper, you can’t trust it has not been generated by AI, you can’t trust that someone hasn’t simply re-used an old photo to pretend something has happened recently. But if you could trace the history of the photo, then you could know where it came from. And you could even request to see the original.

So last night, I thought that maybe I should have a go at this and I created a simple proof of concept library called “Chain of Custody”. I’m not a cryptography professional and I’m not involved in the forensics field. So I approached the idea naively from my software engineer experience. Don’t take it as an industry standard (though I wrote a standard document for all the mechanisms and formats for future reference), I may have well done it wrong.

To bring it to the world, I created a simple website that allows signing, verifying, and creation of chain of custody for photographs: Photo-Verify. It should be simple enough to use intuitively and currently handles JPG, TIF, PNG, CR2, CR3, NEF formats. More can probably be added, I just haven’t tried yet (or I don’t use those formats). To check a signature, no need to register. For signing and creating a chain, as the system needs to know who you are, you’ll need to create a user and verify your email address (remember to check your spam folder).

The idea is that the system embeds a SHA-256 checksum directly into the image file itself using the file’s own metadata mechanisms: a private TIFF tag, a JPEG APP8 marker, a PNG ancillary chunk, or an ISOBMFF box for raw camera formats like CR3. The checksum is computed from the file content alone, so any modification breaks the signature. The same hash is stored in a database alongside the author’s identity and if relevant a pointer to the previous signature, forming an auditable chain that can be followed backward through every version.

The verification process reconstructs the original file, computes the hash again, and compares. If they match and a database record exists, the file is authentic. If the hash matches but no record is found the file is untampered but its provenance is unknown. If the hash doesn’t match the file has been altered since it was signed.

A separate lookup feature lets you upload any unsigned file and search the database by content hash to discover whether a signed version of that same file exists elsewhere in the chain.

This is not watermarking, not DRM, not encryption. It is a forensic chain of custody built on standard image formats and ordinary mathematics. No external blockchains, no proprietary formats, no third-party services. The signature travels with the file and can be verified by anyone who runs the library or has access to the website.

The process even applies to posting things to sites that modify the photos (e.g. Facebook, Twitter/X, etc): sign your original, post it, download it back, sign the downloaded image as an update to the original (update tab), and your modified social media photo is still identified as yours.

This is different from some initiatives that aim to prove the camera origin of photos to avoid any change since the shutter was clicked. The point here isn’t to guarantee how the photograph was made, but to follow its history, whatever happens to it. It’s a sort of second, more pragmatic, step to insure we know what we’re looking at.

The project lives at https://photo-verify.org. The source code, the full protocol specification, and the documentation will be available after testing (just in case things change because of feedback).

Technically, the stack is a simple PHP 8.x, MySQL, and the built-in image parsers. It handles JPEG, PNG, TIFF, Canon CR2 and CR3, and Nikon NEF. The entire library fits in a few thousand lines of code and has no dependencies beyond PDO.

Chain of Custody was built for photographers, forensic analysts, cultural-heritage institutions, and anyone who needs to prove that a digital image has not been tampered with between the moment it was signed and the moment it was verified.

What Photo-Verify is not:

  • An authentication mechanism to prove that the photo has never been modified. Proof of creation should be handled in-camera. In fact the library is the opposite: it allows any modification, but it records the change by resigning the new file. This allows finding the original author of the file and therefore the original image.
  • A mechanism to record what has been changed in a photograph. Anything can be done to the photos, we’re not here to stop creativity. Just record the new version and the chain is preserved to the original.
  • A system to check the origin of a photo by analysing it like Google image search. Only photos that have been processed by the system can be checked. It is however possible to lookup a match from an unsigned photo if it was otherwise signed by the system in the past (for example to prove that a photo is yours, even if the unsigned original was stolen from you).
  • A way to stop people from stealing your photos. We can’t stop people from modifying your photos and removing the signature. But the point of this mechanism is that they wouldn’t be able to attribute a photo they modified to you. It is also possible to lookup a signature using an original unsigned photo.
  • A library of images where you can look up an image and download it. No photos are stored on the server, they’re yours only.

What if someone registers your photos as theirs?

  • We can’t stop that. The workflow I’d follow is as follows:
    • Every time I plan to publish a photo or send it a photo for publication, sign the original raw file.
    • Then when I send it or publish it online (on your own site, in an online publication), sign the new version I’m sending before sending it. That way, it is possible to trace any version of the photo to my original.
    • Online newspaper editors and online publication editors can/should also sign the images that they publish to keep the chain of custody consistent and prove who took the photo.

Go check it out, test it, break it, send feedback.

#Photography #Opinion #IMayBeWrong #ChainOfCustody #Security #Authentication

Leave a Reply

✦ About
The
Photographer
Full about page →

A software engineer looking 50 in the eye. Photography picked up over 20 years ago, then set aside as life intervened — and recently returned to, with a deliberate focus on monochrome. Also drawn to found negatives: rolls of film abandoned by strangers, full of lives worth rescuing from obscurity.