The Coalition for Content Provenance and Authenticity (C2PA) is a good standard with one structural problem from the perspective of a solo creator: it requires a certificate authority. The major commercial Content Credentials implementations and the built-in C2PA signing in higher-end cameras all chain back to vendor-issued certificates. That works fine until the vendor changes pricing, sunsets a product, revokes a cert, or simply goes out of business. Your proof becomes a credential issued by an absent party.
Orphograph solves the same "prove this file existed and is mine" problem with a different trust root. Instead of a vendor CA, we anchor your file's SHA-256 hash to Bitcoin. Verification depends on the Bitcoin chain, not on any company continuing to operate.
Where C2PA is strong
C2PA does something Orphograph doesn't: it describes the full capture-and-edit history of a file. If you shot a photo on a C2PA-enabled camera, edited in a desktop image editor, exported with Content Credentials enabled, the signed manifest records the camera model, the edit operations, and the signing identity. That's genuinely useful — and we don't try to replace it.
Where C2PA gets uncomfortable is its dependency structure. The manifest is signed using a certificate. The certificate is issued by a participating organization. Verifying the signature later requires the certificate chain to still be valid and reachable. If the issuer is gone, the verification path becomes brittle.
Where Orphograph is strong
Our proof has one root: the Bitcoin blockchain. To forge an Orphograph receipt, you would need to either find a SHA-256 collision (cryptographically infeasible) or re-mine the Bitcoin chain from the anchored block onward (economically infeasible at approximately the GDP of a mid-sized country). No certificate authority can revoke your proof. No company's bankruptcy can invalidate it. The verifier code is open source and small enough to audit in an afternoon.
We also don't lock you to a file format. SHA-256 treats every file as a bag of bytes. RAW, JPEG, MP4, FLAC, PDF, ZIP — all anchor through the same flow with the same receipt shape.
Using both together
Many creators use C2PA at capture and Orphograph at delivery. The C2PA manifest describes the lineage; the Orphograph receipt locks the final exported file's hash to a Bitcoin block. If the C2PA chain ever breaks because of a vendor change, the Orphograph anchor still proves the file's bytes were on disk by date X — independent of any CA.
What we don't claim
We don't claim this is legal evidence on its own. We don't claim it proves you took the photo — only that some file with these exact bytes existed at the anchored time. We don't certify identity. If you need bound-identity provenance, C2PA's signing model is a better fit. If you need vendor-independent timestamp evidence, Orphograph is the cheaper, more durable answer.
FAQ
What does C2PA actually prove?
It cryptographically signs a manifest of capture and edit history using a vendor-issued certificate. Verification requires the certificate authority and its chain to remain reachable.
How is Orphograph different?
We anchor a SHA-256 of your file to Bitcoin. Verification depends on the Bitcoin chain, not on any vendor's CA. No certificate to expire, no authority to charge for verification.
Can I use both?
Yes — and many creators do. C2PA describes lineage, Orphograph locks the export's bytes to a block. The two layers are complementary.
Does this work for video and audio?
Yes. SHA-256 is content-agnostic. RAW, JPEG, MP4, WAV, FLAC, PDF, ZIP — all anchor the same way.
What's the failure mode of vendor-CA provenance?
A CA can revoke certs, change terms, charge for verification, or wind down a product. The proof's value drops to whatever the vendor decides. A Bitcoin anchor has no vendor in that position.