PROOF is for anyone who needs to be able to prove that a file is the same one they sent. Photojournalists protecting source photos. Lawyers signing exhibits. Architects sending plans. Authors timestamping a manuscript. Anyone who has had a document come back with a small change someone hopes no one will notice.
You drop a file into PROOF. The app generates a unique signing key for you the first time you use it (this key is stored in your computer's secure vault, the same place your operating system stores your saved passwords). PROOF then computes a one-way fingerprint of the file, signs the fingerprint with your key, and embeds the signature inside the file using the C2PA format. The file looks the same and works the same in every program that opens it. But now any C2PA-aware reader can check the stamp and tell you whether the file has been changed since you signed it.
You drop a signed file back into PROOF (or any other C2PA-aware reader). PROOF reads the embedded stamp, recomputes the fingerprint of the current file, and compares them. Three possible answers:
Valid. The file has not changed since signing. The signer can be identified by their public key.
Tampered. The file has changed since signing. The signature does not match the current file. Something was edited, added, or removed.
No stamp. The file was never signed by PROOF or any other C2PA tool. PROOF cannot say anything about whether it has been changed.
PROOF proves a file has not been changed. It does not prove who the signer is in real life. A stamp is mathematically tied to a specific signing key, not to a specific human or organization. Whoever checks the stamp has to decide on their own whether to trust the signer behind that key. This is true of every digital signature system, including the ones used in court and at scale by big companies. PROOF is honest about it in the app.
PROOF can stamp images (JPEG, PNG, WebP, AVIF, TIFF, HEIC, HEIF), video (MP4, MOV, MPEG), audio (WAV), and PDF. For other file types, save your work as a PDF first and then stamp the PDF.
Generate your signing key in the OS secure vault. Sign one file at a time. Verify any C2PA-stamped file. Local history of every sign and verify. Strong cryptography (ES256, ES384, EdDSA).
Everything in Free. Plus PDF verification certificates for client work. Sign many files at once. Support for hardware keys (YubiKey, FIDO2). Third-party timestamp service for cases where a court might ask.
PROOF makes zero outbound network calls. Your signing key never leaves your device. Your files never leave your device. The stamp is embedded in the file itself, so verification works without any server. Cinderpoint never sees what you sign, who you sign for, or how often you use the app.
Read the privacy policy for the full statement.
PROOF is built on Electron, React, TypeScript, and the open-source c2pa-node library (Apache 2.0) maintained by the Coalition for Content Provenance and Authenticity. Keys are stored using Electron safeStorage (DPAPI on Windows, Keychain on Mac, libsecret on Linux). All bundled open-source dependencies are credited in the NOTICE file shipped inside the app.
Version 1.0 is built and tested. Store submissions in progress. Sign up below to be notified when PROOF goes live in your store.