§ Independent verification
You don't have to trust LOCUS.
You can verify everything yourself.
Every acquisition is a self-contained, third-party-verifiable package — by the opposing party too, even offline, with open standard tools. This page explains, step by step, how to confirm (or challenge) the authenticity of a LOCUS bundle.
The principle
Trust-free verification
The strength of digital evidence cannot rest on the word of whoever produced it. That is why LOCUS does not ask you to believe it: it uses only open, public standards — BagIt (RFC 8493), SHA-256/512 (FIPS 180-4), Ed25519 signatures (RFC 8032), RFC 3161 timestamping, CASE/UCO sidecar — that anyone can recompute with third-party tools, with no LOCUS software at all.
Reproducible
The same checks yield the same result on any computer, today and years from now.
Vendor-independent
The timestamp is issued by a third-party Authority (Sectigo / InfoCert), not by LOCUS.
Tamper-evident
Any change, even a single byte, breaks the seals and is detected on verification.
What you receive
Anatomy of the bundle
The bundle is a plain .zip following BagIt RFC 8493. Inside, every file has a role; two “seals” (manifest and tag-manifest) guarantee integrity and a third-party timestamp fixes the date.
Five independent paths
How to validate, from simplest to most rigorous
Three of these tools travel inside the bundle itself: verification depends neither on our website nor on any external software.
1 Public verification page
Open /verify/<code> on this site and enter the 6-character code (or the UUID). It recomputes hashes, RFC 3161 timestamps and signature in real time. No tools, accessible to anyone — including a judge from the browser.
2 interactive.html
Inside data/. Double-click it in any browser, with no connection: it recomputes the file hashes locally (the browser's Web Crypto, no upload) and compares them with those signed in the manifest. It shows the outcome, details and perceptual fingerprints for each item.
3 verify.sh · verify.bat
Self-verification scripts in the bundle. On macOS/Linux ./verify.sh, on Windows double-click verify.bat. They check payload integrity, completeness (undeclared files), seal integrity and — with openssl — the RFC 3161 timestamps. They use system tools (shasum/sha256sum, certutil, openssl), not LOCUS code.
4 Locus Validator
Standalone desktop app (macOS · Windows · Linux), no login, no telemetry. Drop the .zip and get a traffic-light report with all checks + a validation PDF. Built for court experts who want a repeatable, documented outcome.
5 Manual commands (the ultimate proof)
For those who will not trust any tool — ours or anyone's — the seals can be verified by hand with standard utilities. It is the method that removes any doubt about the vendor: see the section below.
What gets verified
The checks, and what each one proves
- Payload integrityEvery file in data/ matches the SHA-256 declared in the manifest. A change to the media → mismatch.
- BagIt completenessNo “infiltrated” file: every file present in data/ is listed in the manifest (RFC 8493).
- Tag integrityThe tagmanifest seals the service files and the CASE/UCO sidecar: it covers everything outside data/.
- Media hash tripleMD5 + SHA-256 + SHA-512 of the media match those signed in the manifest.
- RFC 3161 timestamp on mediaA third-party TSA (Sectigo / InfoCert) attests the media existed at that date. Verifiable with its public CA.
- RFC 3161 timestamp on tagmanifestCloses the chain of custody: fixes the entire sealed package in time, not just the media.
- Ed25519 signatureThe manifest is signed with a device-bound key (TOFU): it binds content, device and operator.
- Perceptual hashes + histogramSigned aHash/dHash/pHash and histogram: they represent the media without revealing it and are recomputed from the bundle.
- CASE/UCO sidecarForensic metadata in CASE 1.3 / UCO standard, consistent with the manifest and inside the seal.
- Temporal coherenceCapture precedes sealing; NTP time precedes the RFC 3161 timestamp. Inconsistencies → flagged.
By hand, no LOCUS software
Manual step-by-step verification
Extract the .zip and enter the folder. You only need shasum/sha256sum and openssl (on Windows certutil), already present in the operating systems.
-
Payload integrity
# recompute and compare the data/ file hashes
shasum -a 256 -c manifest-sha256.txt # Linux: sha256sum -c manifest-sha256.txt → all OK -
Seal (tag) integrity
shasum -a 256 -c tagmanifest-sha256.txt
-
RFC 3161 timestamp on the media
openssl ts -verify -data data/media.jpg \
-in data/tsa.tsr -CAfile tsa-ca.pem # → Verification: OK -
Timestamp on the tagmanifest
openssl ts -verify -data tagmanifest-sha256.txt \
-in tagmanifest-sha256.txt.tsr -CAfile tsa-ca.pem -
Ed25519 signature and perceptual hashes
The signed manifest is in data/manifest.json (signature field + device public key). The simplest way to verify it is to open interactive.html or use the Locus Validator, which recompute the signature and perceptual fingerprints and confirm the match.
Note: the media filename (media.jpg/.mp4/.wav) is listed in manifest-sha256.txt. The same commands are wrapped in verify.sh/verify.bat.
Why it holds
The trust chain
For the opposing side
If you intend to challenge LOCUS
Good: that is exactly what it is designed for. Here are the most common objections and how anyone can settle them independently.
«The date could have been forged.»
The timestamp is issued by a third-party TSA (Sectigo, or eIDAS-qualified InfoCert) per RFC 3161 and is verified against the Authority's public CA — not material we provide. The eIDAS-qualified timestamp has legal value across the EU (Reg. 910/2014).
«The LOCUS software might lie about the result.»
You can verify without any LOCUS software: shasum/openssl are standard third-party utilities. If their outputs agree, authenticity does not rest on our word.
«The photo could have been retouched.»
Any change to the media breaks the hash triple, the Ed25519 signature and the RFC 3161 timestamp: verification detects it and flags the bundle as altered. There is no “silent” edit.
«The content is not on your servers: how to trust it?»
It is a confidentiality choice (privacy by design): the authority of the evidence is the sealed bundle held by the user, not a copy on a server. The server still keeps the signed histogram and perceptual hashes, which bind the media; full verification is done on the bundle.
«The provenance is not standard C2PA.»
True, and we state it openly: it is a proprietary container “inspired by C2PA/JUMBF”, not readable with c2patool. It is no overclaim: the evidentiary value rests on hashes, signature and timestamp, not on provenance.
«It is a “computational” JPEG, not raw data.»
The capture pipeline is declared and signed in the manifest (capture object): source, capture API, absence of AI editing. Fidelity disclosure is part of the evidence, not hidden.