How Verification Works

This guide explains what happens when someone verifies Verimago-signed content. No account or technical knowledge is required to verify.

For viewers and readers

Click a verify link

When you see a Verimago-signed video, the publisher or creator will include a link:

Verified by Verimago: https://verify.verimago.io/sha256:abc123...

Click it. You'll see:

Shield state: Green (Authentic), Purple (AI-Enhanced), Amber (AI-Generated), or Grey (Unverified)
Publisher: The organisation that signed the content
Journalist: The person who captured it (if they chose to include their name)
Signed at: When the certificate was created
Content type: Authentic, AI-Enhanced, or AI-Generated

No app download, no account, no signup required.

Verify in the app

Open the Verimago Camera app and switch to Verify mode:

QR code: Point the camera at a QR code displayed alongside verified content
Paste URL: Paste any video URL — the app fetches the file, computes the hash, and checks the registry

Verify via API

For developers integrating verification into their platform:

curl https://api.verimago.io/v1/verify/sha256:abc123def456...

Returns JSON with shield state, publisher, metadata, and certificate status.

For URL-based verification (server fetches the file):

curl -X POST https://api.verimago.io/v1/verify/url \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/video.mp4"}'

What verification checks

When a verify request arrives, the Verimago registry performs these steps:

Hash lookup: Find a certificate matching the SHA-256 content hash

Signature verification: Verify the cryptographic signature against the Verimago CA public key using ECDSA P-256

Certificate status: Check that the signing certificate is active (not expired or revoked)

OCSP check: Online Certificate Status Protocol confirms the certificate hasn't been revoked since the last cache update

If all checks pass: Green shield (Authentic). If AI processing is declared: Purple shield (AI-Enhanced). If AI generation is declared: Amber shield (AI-Generated). If no certificate exists: Grey shield (Unverified). If the hash doesn't match the certificate, verification fails.

What verification does NOT do

Verify the content is "true": A green shield means the video is real footage from a real device. It does not evaluate whether the editorial framing is accurate.
Detect deepfakes: Verimago is proactive signing, not reactive detection. If a video was never signed with Verimago, it will show Grey — we cannot determine if it was generated by AI.
Guarantee the identity of the signer: Anonymous signing is the default. If the signer chose not to include their identity, the certificate will only show device attestation proof.

Caching

Verification results are cached for performance:

First verification: ~50ms (database lookup + signature verification)
Subsequent verifications: ~1ms (Redis cache hit)
Cache TTL: 5 minutes

The X-Cache response header indicates whether the result was served from cache (HIT) or computed fresh (MISS).

Embedding verification in your platform

Social media

When sharing signed content, include the verify link in the caption. This works on every platform today:

New report from the ground in Kyiv.
Verified: https://verify.verimago.io/sha256:abc123...

Websites and apps

Embed a verification badge using the API:

const res = await fetch(https://api.verimago.io/v1/verify/${contentHash});
const data = await res.json();

if (data.verified) {
  showBadge(data.shieldState); // GREEN, PURPLE, AMBER, GREY
}

CMS integration

Add a webhook to your publish pipeline that stores the verifyUrl alongside each video. Render the verification link and shield state in your article template.