HEIC Content Provenance
Sign, embed, and verify C2PA manifests in HEIC files (.heic)
What Is HEIC Provenance?
High Efficiency Image Container used by Apple devices. HEIC provenance covers photos taken on iPhones and iPads.
With Encypher, HEIC files carry their own cryptographic proof of origin. A C2PA manifest is embedded directly into the file, recording who created it, when, and whether it has been modified. Anyone can verify a signed HEIC file for free, without authentication.
How C2PA Manifests Are Embedded in HEIC Files
- MIME Type
- image/heic
- File Extensions
- .heic
- Embedding Method
- JUMBF box in ISO BMFF/HEIF container
- Container Type
- JUMBF (ISO BMFF)
- Verification Pipeline
- c2pa-python (native C2PA library support)
The C2PA manifest contains a JUMBF (JPEG Universal Metadata Box Format) store with COSE-signed claims. For HEIC files, the manifest is stored using jumbf box in iso bmff/heif container. The signing process does not alter the image content itself. The manifest is metadata, not a modification of the pixels.
Use Cases for HEIC Provenance
- Mobile photography
- Apple ecosystem
- Consumer photos
- Cloud photo libraries
How to Sign HEIC Content with Encypher
HEIC signing is available at the Enterprise tier through the unified /sign/media API endpoint. Upload your HEIC file, and the API returns a signed copy with an embedded C2PA manifest.
curl -X POST https://api.encypher.com/api/v1/sign/media \ -H "Authorization: Bearer YOUR_API_KEY" \ -F "file=@example.heic" \ -F "title=My HEIC Content" \ -F "action=c2pa.created" \ -o signed.heic
Verify HEIC Provenance (Free)
Verification is free and requires no authentication. Any third party can verify a signed HEIC file to confirm its origin, check for tampering, and read the embedded rights information.