HEIF Content Provenance
Sign, embed, and verify C2PA manifests in HEIF files (.heif)
What Is HEIF Provenance?
High Efficiency Image File Format, the generic container for HEVC-compressed images. HEIF provenance covers the broader ecosystem beyond Apple-specific HEIC.
With Encypher, HEIF files carry their own cryptographic proof of origin. A C2PA manifest is embedded directly into the file, recording who created it, when, and whether it has been modified. Anyone can verify a signed HEIF file for free, without authentication.
How C2PA Manifests Are Embedded in HEIF Files
- MIME Type
- image/heif
- File Extensions
- .heif
- Embedding Method
- JUMBF box in ISO BMFF/HEIF container
- Container Type
- JUMBF (ISO BMFF)
- Verification Pipeline
- c2pa-python (native C2PA library support)
The C2PA manifest contains a JUMBF (JPEG Universal Metadata Box Format) store with COSE-signed claims. For HEIF files, the manifest is stored using jumbf box in iso bmff/heif container. The signing process does not alter the image content itself. The manifest is metadata, not a modification of the pixels.
Use Cases for HEIF Provenance
- Cross-platform high-efficiency images
- Camera manufacturers
- Image editing workflows
How to Sign HEIF Content with Encypher
HEIF signing is available at the Enterprise tier through the unified /sign/media API endpoint. Upload your HEIF file, and the API returns a signed copy with an embedded C2PA manifest.
curl -X POST https://api.encypher.com/api/v1/sign/media \ -H "Authorization: Bearer YOUR_API_KEY" \ -F "file=@example.heif" \ -F "title=My HEIF Content" \ -F "action=c2pa.created" \ -o signed.heif
Verify HEIF Provenance (Free)
Verification is free and requires no authentication. Any third party can verify a signed HEIF file to confirm its origin, check for tampering, and read the embedded rights information.