Skip to main content

Embed, extract, and verify JPEG Trust provenance metadata

Project description

jpegtrust

Embed, extract, and verify JPEG Trust provenance metadata.

jpegtrust is a Python package for working with JPEG Trust provenance metadata based on the C2PA and JUMBF standards. It lets you embed signed metadata into JPEG images, extract it back out, and verify images against configurable trust profiles.

Installation

pip install jpegtrust

Quick start

from jpegtrust import embed_image, extract_from_file, verify_image, create_profile, save_profile

# Create a trust profile
profile = create_profile(template="newsroom", name="Wire Photo Policy")
save_profile(profile, "profile.yml")

# Embed metadata into an image
embed_image("photo.jpg", "metadata.json", "signed.jpg")

# Extract metadata
metadata = extract_from_file("signed.jpg")

# Verify against the profile
report = verify_image("signed.jpg", "profile.yml")
print(f"{report.status} | {report.score} | {report.passed_checks}/{report.total_checks}")

CLI

# Profile operations
jpegtrust profile list-templates
jpegtrust profile list-checks
jpegtrust profile create --template newsroom -o profile.yml

# Embed metadata
jpegtrust embed photo.jpg metadata.json -o signed.jpg

# Extract metadata
jpegtrust extract signed.jpg
jpegtrust extract signed.jpg -o metadata.json

# Verify
jpegtrust verify signed.jpg profile.yml
jpegtrust verify signed.jpg profile.yml --format json

# Batch operations
jpegtrust batch embed ./photos metadata.json -o ./signed
jpegtrust batch extract ./signed -o ./extracted
jpegtrust batch verify ./signed profile.yml

API reference

Embedding

Function Description
embed_image(image, metadata, output) Embed metadata from a file path or dict into a JPEG
embed_metadata(image_bytes, metadata_dict) Embed metadata into raw JPEG bytes

Extraction

Function Description
extract_from_file(image) Extract and parse metadata from a JPEG file
extract_metadata(image_bytes) Extract raw JSON string from JPEG bytes

Verification

Function Description
verify(indicator, profile_yaml) Verify an indicator dict against a profile YAML string
verify_image(image_path, profile_path) Extract + verify in one call

Profiles

Function Description
create_profile(template, name, issuer) Create a profile from a predefined template
save_profile(profile, path) Save profile as YAML
load_profile(path) Load profile YAML from file
list_templates() List available templates and their checks
list_checks() List all available check definitions

Batch

Function Description
batch_embed(input_dir, metadata, output_dir) Embed metadata into all images in a directory
batch_extract(input_dir, output_dir) Extract metadata from all images
batch_verify(input_dir, profile) Verify all images against a profile

Templates

Template Checks Use case
newsroom All 9 checks Wire photos, editorial verification
insurance signature, timestamp, author, edit history, GPS, pixel hash Claims photo validation
creator signature, author, copyright, AI declaration, pixel hash Artist authenticity
ai-labelling signature, AI declaration, digital source type, AI labelling, edit history, pixel hash, data mining AI labelling
custom None (you pick) Build your own

Trust profiles

Trust profiles are multi-document YAML files that define verification rules. Each rule contains an expression evaluated against the image's metadata:

---
metadata:
  name: "My Profile"
  issuer: "My Organization"
  date: "2025-01-01T00:00:00Z"
  version: "1.0.0"
  language: en

---
- id: signature_check
  expression: >
    declaration.claim.signature_status == "claimSignature.validated"
  report_text:
    'true':
      en: "Valid signature"
    'false':
      en: "No valid signature"

Verification report

report = verify_image("signed.jpg", "profile.yml")

report.status        # "pass" | "warning" | "fail"
report.score         # 0.0 - 1.0
report.verdict       # "trusted" | "mostly_trusted" | "profile_mismatch"
report.passed        # ["signature_chain", "pixel_hash", ...]
report.failed        # ["gps_location", ...]
report.total_checks  # 9
report.passed_checks # 7
report.c2pa          # C2PA detection info
report.to_dict()     # Full report as a dict

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jpegtrust-0.1.0.tar.gz (2.4 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

jpegtrust-0.1.0-py3-none-any.whl (23.9 kB view details)

Uploaded Python 3

File details

Details for the file jpegtrust-0.1.0.tar.gz.

File metadata

  • Download URL: jpegtrust-0.1.0.tar.gz
  • Upload date:
  • Size: 2.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for jpegtrust-0.1.0.tar.gz
Algorithm Hash digest
SHA256 d9d2afd1988883ad3cb336452b66911cb886eabadc39be8c0fab2fed82fbe47e
MD5 2d80e103c3c018555d50ee9bfe92bcba
BLAKE2b-256 a97bb74f9fdfc815f1ea5fc9688652c315e2716fb520f2320fa21a3ec9fde7c4

See more details on using hashes here.

File details

Details for the file jpegtrust-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: jpegtrust-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 23.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for jpegtrust-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 24cc75bb3085480a244983875e70b842e92e96ab41d904e75e35f6d2590c6284
MD5 c55687865251fec4784c93acfe12a491
BLAKE2b-256 1a226ecd7b5243984875f965edd4f705a97a5ab9ab14da2336ae56372c1b6029

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page