Verifiable Image Encryption

Cryptographic proof of what was done to an image, without revealing the image. Verify encrypted files without decryption. Open source research implementation.

Image + Password  →  Encrypt  →  Encrypted + PoP + DEF
                      AES-256         │         │      │
                                      │         │      └── Verify without decrypting
                                      │         └───────── Proof of what was done
                                      └─────────────────── Lossless encryption

Core Features

Built on ImageMagick with research-grade cryptographic verification capabilities.

AES-256-CFB Encryption

Military-grade encryption using ImageMagick's built-in cipher. Completely lossless and reversible. Your images are protected with the same encryption standard used by governments worldwide.

Proof-of-Processing (PoP)

Every operation generates a cryptographic attestation. Tamper-evident hash verification ensures you can prove exactly what was done to an image without exposing the image content.

Deterministic Fingerprint (DEF)

Generate unique fingerprints that allow verification without decryption. Match encrypted files to originals, detect duplicates, and verify integrity, all without exposing sensitive content.

How It Works

A simple workflow that adds verifiability to image encryption.

1. Upload Image

Send your image to the API or use the CLI tool. Supports PNG, JPEG, TIFF, WebP, and more.

2. Generate Fingerprint

Before encryption, a DEF fingerprint is created capturing the image's structural properties.

3. Encrypt with AES-256

The image is encrypted using your password. Output is a MIFF file with embedded cipher data.

4. Receive PoP

A Proof-of-Processing JSON is generated, documenting exactly what was done with cryptographic verification.

Technical Concepts

Understanding the cryptographic primitives that power SecurePhoto Labs.

PoP

Proof-of-Processing

A Proof-of-Processing is a cryptographic structure that documents what was done to an image without revealing the image itself. It serves as an immutable audit trail for image processing operations.

Each PoP contains a proof_hash computed over all fields, making any tampering immediately detectable. This enables compliance auditing, chain of custody verification, and forensic analysis.

  • Operation metadata (encrypt/decrypt)
  • ImageMagick engine version and quantum depth
  • Input properties (dimensions, colorspace, bit depth)
  • Security policy hash for environment verification
  • SHA-256 proof_hash for tamper detection
{
  "pop_version": "1.0.0",
  "operation": "encrypt",
  "operation_id": "f7224f2e",
  "cipher": "AES-256-CFB",
  "timestamp": "2026-01-01T12:00:00Z",
  "input_properties": {
    "width": 1920,
    "height": 1080,
    "colorspace": "sRGB",
    "format": "PNG"
  },
  "proof_hash": "sha256:0d48ada8..."
}
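
How an auditor could check a PoP like the one above, as an added example that is not the project's own code. The canonical form (sorted keys, compact JSON, UTF-8), the helper names and the pinned-hash comparison are assumptions; the sample record is constructed from the fields shown on this page.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed sample modelled on the PoP fields shown above (not real output).
SAMPLE_FIELDS = {
    "pop_version": "1.0.0",
    "operation": "encrypt",
    "operation_id": "f7224f2e",
    "cipher": "AES-256-CFB",
    "timestamp": "2026-01-01T12:00:00Z",
    "input_properties": {"width": 1920, "height": 1080,
                         "colorspace": "sRGB", "format": "PNG"},
}

def compute_proof_hash(pop: dict) -> str:
    """SHA-256 over every field except proof_hash itself."""
    body = {k: v for k, v in pop.items() if k != "proof_hash"}
    # Assumption: canonical form is sorted keys, no whitespace, UTF-8.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def seal(fields: dict) -> dict:
    """Return a copy of the record with proof_hash attached."""
    return {**fields, "proof_hash": compute_proof_hash(fields)}

def verify_pop(pop: dict, pinned: Optional[str] = None) -> Tuple[bool, str]:
    """Check internal consistency, then optionally a hash stored elsewhere."""
    claimed = pop.get("proof_hash")
    if not isinstance(claimed, str) or not claimed.startswith("sha256:"):
        return False, "missing or malformed proof_hash"
    expected = compute_proof_hash(pop)
    if not hmac.compare_digest(claimed.encode(), expected.encode()):
        return False, "fields do not match proof_hash"
    # An unkeyed hash can be recomputed by whoever edits the record, so the
    # auditor also compares against a value recorded at processing time.
    if pinned is not None and not hmac.compare_digest(claimed.encode(), pinned.encode()):
        return False, "proof_hash differs from pinned value"
    return True, "ok"

if __name__ == "__main__":
    record = seal(SAMPLE_FIELDS)
    print(verify_pop(record))
    edited = json.loads(json.dumps(record))
    edited["input_properties"]["width"] = 640
    print(verify_pop(edited))
    print(verify_pop(seal(edited), pinned=record["proof_hash"]))
```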
DEF

Deterministic Encryption Fingerprint

A DEF is a unique fingerprint that enables verification without decryption or password access. It captures both structural and perceptual properties of an image in a deterministic way.

This allows you to match encrypted files to their originals, detect if an image was modified before encryption, and identify duplicates across encrypted archives, all without exposing the actual image content.

  • Structural hash for content identity
  • Perceptual hash for visual similarity matching
  • Environment-aware (includes policy and engine version)
  • Deterministic: same input always produces same fingerprint
  • Privacy-preserving: no image content exposed
{
  "def_version": "1.0.0",
  "fingerprint": "sp-def-202695501e27",
  "components": {
    "structural_hash": "8926f2161a92...",
    "perceptual_hash": "54438dab659e...",
    "dimensions": "1920x1080",
    "colorspace": "sRGB",
    "policy_hash": "sha256:396040ac"
  },
  "generated_at": "2026-01-01T12:00:00Z"
}
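
Matching an original against encrypted archive entries using only their DEF records, as an added example that is not the project's own code. It assumes the perceptual hash is a hex string compared by Hamming distance with a threshold of 6 bits; the function names, file names and all hash values are constructed.

```python
from typing import Dict

def hamming_hex(a: str, b: str) -> int:
    """Number of differing bits between two equal-length hex strings."""
    if len(a) != len(b):
        raise ValueError("perceptual hashes differ in length")
    return bin(int(a, 16) ^ int(b, 16)).count("1")

def compare_def(a: dict, b: dict, max_bits: int = 6) -> str:
    """Classify two DEF records using only their fingerprint components."""
    ca, cb = a["components"], b["components"]
    # Fingerprints are environment-aware: only compare like with like.
    if a["def_version"] != b["def_version"] or ca["policy_hash"] != cb["policy_hash"]:
        return "incomparable"
    if ca["structural_hash"] == cb["structural_hash"]:
        return "identical"  # same content identity
    if hamming_hex(ca["perceptual_hash"], cb["perceptual_hash"]) <= max_bits:
        return "similar"    # visually close, e.g. re-encoded before encryption
    return "different"

def match_archive(original: dict, archive: Dict[str, dict]) -> Dict[str, str]:
    """Compare one DEF against every DEF sidecar in an encrypted archive."""
    return {name: compare_def(original, rec) for name, rec in archive.items()}

def make_def(structural: str, perceptual: str, policy: str = "sha256:policy-a") -> dict:
    """Build a constructed DEF record with the field names shown above."""
    return {"def_version": "1.0.0",
            "components": {"structural_hash": structural,
                           "perceptual_hash": perceptual,
                           "dimensions": "1920x1080", "colorspace": "sRGB",
                           "policy_hash": policy}}

# Constructed records: no image data or password is needed for any comparison.
ORIGINAL = make_def("aaaa0000aaaa0000", "f0f0f0f0f0f0f0f0")
ARCHIVE = {
    "copy.miff": make_def("aaaa0000aaaa0000", "f0f0f0f0f0f0f0f0"),
    "recompressed.miff": make_def("bbbb1111bbbb1111", "f0f0f0f0f0f0f0f3"),
    "unrelated.miff": make_def("cccc2222cccc2222", "0f0f0f0f0f0f0f0f"),
    "other-policy.miff": make_def("aaaa0000aaaa0000", "f0f0f0f0f0f0f0f0",
                                  policy="sha256:policy-b"),
}

if __name__ == "__main__":
    for name, verdict in match_archive(ORIGINAL, ARCHIVE).items():
        print(f"{name}: {verdict}")
```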

Use Cases

Research applications and scenarios where verifiable image encryption matters.

Compliance & Audit

Prove image processing compliance for GDPR, HIPAA, or internal policies without exposing sensitive content. Generate audit trails automatically.

Chain of Custody

Document the complete processing history of forensic images. Verify nothing was altered with cryptographic proof.

Duplicate Detection

Find matching images across encrypted archives using fingerprints. No decryption needed for comparison.

Research

Study verifiable computing patterns, explore cryptographic audit trails, and develop new verification methods.

Security Audit Status: v4 - Production Ready

All critical, medium, and low severity issues have been fixed. The implementation includes built-in API authentication with SHA-256 hashed keys, rate limiting, security headers (CSP, X-Frame-Options, HSTS), and password complexity validation. Only infrastructure-level configuration remains (HTTPS deployment via reverse proxy).

Get Started

Clone the repository and run locally. Full REST API and command-line interface included. MIT licensed.