Digital Certification
Digital Certification generates a third-party timestamped "birth certificate" for your artwork: who owned which file at what moment in time, and proof that the file hasn't been altered since.
When to use it
- The day a piece is finished — the best moment to certify; the earlier the timestamp, the better
- Before publishing to public platforms — lock in the original state before release
- Before delivering commissioned work — prove creation time and ownership, so a client can't dispute it after the fact
- Before submitting to a competition — many contests require proof of originality
- Regular batch archiving — certify a batch of pieces at once to build a creation timeline
How to use it
Find the "Digital Certification" card (stamp icon) in the toolbox:
- Select files — drag and drop or click to choose the artwork files you want to certify
- Enter author info — your name (written into the PDF report and the certification manifest)
- Confirm the certification mode
- Lite certification — used automatically when you only have finished images (PNG/JPG/WebP)
- Full certification — automatically upgraded when source files such as PSD / CLIP / SAI / KRA / Procreate are detected
- Click "Start Certification" — the app computes hashes, builds a Merkle Tree, requests a TSA timestamp, and generates the report, in that order
- Review the result — once done, the app writes the certification package and report into a dedicated output folder; you can go straight to "View Certification Report" or "Open Folder" to retrieve the .nep file
技巧
In a batch, all files are linked together through a Merkle Tree. If even one file is altered, the root hash of the entire tree changes. The files in a batch effectively vouch for one another.
Understanding the output
After certification, the output directory contains:
| File | Description |
|---|---|
evidence.nep | The certification package itself (ZIP format, optional password protection) |
proof.tsa | RFC 3161 timestamp token (issued by a third-party authority) |
proof.json | Local fallback timestamp (when the TSA is unavailable) |
VerificationReport.pdf | Forensic report, with a QR code and verification link |
manifest.json | Structured metadata, including the file list, root hash, and author info |
thumbnail.jpg | Thumbnail collage |
Structure inside the .nep package
evidence.nep (ZIP)
├── manifest.json
├── proof.tsa / proof.json
├── VerificationReport.pdf
├── thumbnail.jpg
└── works/
├── 000_artwork.png
├── 001_artwork.psd
└── ...
Verifying a certification
Method 1: Verification website
The PDF report carries a QR code and a verification link:
https://verify.arisfusion.com?id=<first 16 chars of root_hash>
Method 2: Have Nephele verify the timestamp token
Inside the app, hand Nephele a timestamp token file (.tsr / .tsa / .json); it will read the token, parse the issuing time and issuing authority, check the hash, and tell you whether the token is valid. This step verifies the timestamp token itself; to also check integrity against the original files, use the verification website in Method 1.
Method 3: Manual verification (advanced)
If you have the TSA's certificate chain file, you can verify with OpenSSL:
openssl ts -verify -in proof.tsa -data <original file> -CAfile <TSA cert chain>注意
For verification you must provide the original files as they were at certification time. Any modification (including re-exporting a file with the same name in Photoshop) changes the SHA-256 and causes verification to fail. We strongly recommend certifying your source files together with the finished pieces.
Lite certification vs. Full certification
| Dimension | Lite certification | Full certification |
|---|---|---|
| Trigger condition | Finished images only (PNG/JPG/WebP) | Includes source files such as PSD / CLIP / SAI / KRA / Procreate |
| PDF report | Standard report, 3-star decoration | Adds a "Source File Certification" section, 5 stars + gold badge |
| Evidentiary strength | Proves "I had this finished piece at a point in time" | Additionally proves "I can supply the creation source files" |
| Recommended use | Everyday artwork archiving, social media posts | Commissioned work, competitions, high-value pieces |
提示
At the cryptographic level, both modes use the same Merkle Tree + RFC 3161 timestamp mechanism; the only difference is the scope of what the PDF report attests to. The Lite timestamp itself is equally valid.
Offline certification and TSA fallback
If the timestamp server can't be reached during certification (network failure, proxy issues, server maintenance), Nephele automatically falls back to a local timestamp:
- Generates
proof.jsoninstead ofproof.tsa - The PDF report is marked "Local timestamp, not certified by a third-party TSA"
- File hashes and the Merkle Tree are still computed correctly; only the authoritative time backing is missing
Recommendation: re-certify once your connection is restored to obtain an authoritative TSA timestamp. The local timestamp serves only as a temporary backup.
Password protection (optional)
.nep files support AES-256 password protection. Once a password is set, the certification package is encrypted. Note:
- Requires
pyzipperto be installed (pip install pyzipper) - If it isn't installed, the password setting has no effect and the app will let you know
- Keep your password safe — if it's lost, the files inside the package cannot be recovered