SDK · v1.0
ProofKit SDK
Hardware-backed, Ed25519-signed media capture for iOS and Android.
What it is
ProofKit is a drop-in capture SDK that replaces or augments your platform's existing photo and video capture flow. Every frame it produces carries a signed attestation — a cryptographic proof binding the content hash, GPS coordinates, capture timestamp, and device identity to an Ed25519 signature generated inside hardware-backed key storage.
The result: media that can be independently verified to have come from a real device, at a real place and time, without modification. Any verifier with access to the Scale Soft root certificate can confirm this in milliseconds.
What it is not: a detection heuristic, an AI-vs-real classifier, or a post-hoc image analyser. ProofKit does not score existing photos for authenticity. It establishes provenance from the moment of capture forward. Detection fails against generative models; provenance does not.
Technical specifications
| Spec | iOS | Android |
|---|---|---|
| Minimum OS | iOS 15.6 | Android 7.0 (API 24) |
| Key storage | Secure Enclave | Android Keystore (StrongBox preferred) |
| Signing algorithm | Ed25519 | Ed25519 |
| Output format | Signed JSON manifest | Signed JSON manifest |
| Embedded metadata | GPS, timestamp, device ID, hash | GPS, timestamp, device ID, hash |
| Binary size | ~0.9 MB | ~0.2 MB |
| Offline capable | Yes | Yes |
| Dependencies | None external | None external |
Installation & quick start
```swift
// File → Add Package Dependencies… → enter URL:
//   https://github.com/scale-soft/ProofKit-dist
// choose "Exact Version" and enter tag: v1_0-ios

// Or in Package.swift:
.package(url: "https://github.com/scale-soft/ProofKit-dist",
         revision: "v1_0-ios")

// CocoaPods alternative:
// pod 'ProofKit', '~> 1.0'
```

```swift
import ProofKit

// 1. Configure once — AppDelegate or SwiftUI @main
ProofKitSDK.configure(apiKey: "cpk_your_key_here")

// 2. Register device on first launch (async)
try await ProofKitSDK.registerDevice()

// 3. Open the signed camera
let config = ProofKitCameraConfig()
let camera = ProofKitSDK.makeCamera(frame: view.bounds, config: config)
camera.delegate = self
view.addSubview(camera)

// 4. Receive the signed result via delegate
func proofKitCamera(_ view: ProofKitCameraView,
                    didCapture json: String) {
    // json = full SignatureBundle — send to your server
}
```

```kotlin
// build.gradle.kts — requires mavenCentral()
implementation("net.scalesoft.proofkit:proofkit:v1_0-android")

// settings.gradle.kts — ensure repo is present:
// repositories { google(); mavenCentral() }
```

```kotlin
import net.scalesoft.proofkit.ProofKit

// 1. Configure once — Application.onCreate()
val error = ProofKit.configure(context, apiKey = "cpk_your_key_here")

// 2. Register device on first launch (suspend)
ProofKit.registerDevice()

// 3. Build camera handler and initialize
val cameraHandler = NativeCameraHandler(context,
    NativeSigningHandler(context))
cameraHandler.initialize(
    config = ProofKitCameraConfig(),
    owner = lifecycleOwner,
    onSuccess = { /* camera ready — bind PreviewView */ },
    onError = { e -> /* handle */ }
)

// 4. Capture a signed photo
cameraHandler.capturePhoto(
    includeLocation = false,
    deviceId = ProofKit.deviceId ?: ""
) { filePath, bundleJson, error ->
    // bundleJson = SignatureBundle — send to your server
}
```

Verification
On-device via the SDK
Call verify() directly in your app. The SDK runs the full pipeline — Ed25519 signature check, hash comparison, backend key lookup, and device certificate verification — and returns a structured JSON result. No external tooling required.
```swift
let result = try await ProofKitSDK.verify(filePath: path)
// result — JSON with fields:
//   status, isSignatureValid,
//   isHashMatch, isKeyRegistered,
//   isDeviceAttested, reasons[]
```

```kotlin
val result = ProofKit.verify(filePath)
// result — JSON with fields:
//   status, isSignatureValid,
//   isHashMatch, isKeyRegistered,
//   isDeviceAttested, reasons[]
```

Scale Soft web verifier
The free tool at /verify accepts any file produced by ProofKit. It shows full signature details, device identity, GPS coordinates, and timestamp — useful for spot-checks without writing any code.
Your own infrastructure
Pin the Scale Soft root certificate in your own verification stack. Any system that can validate an Ed25519 signature against a trusted public key can verify ProofKit-signed files independently, with full trust-chain resolution under your control.
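The order of checks a self-hosted verifier needs, as an added Go example that is not ProofKit code: trust only the pinned root, chain the embedded device key to it, verify the manifest bytes as received, and only then compare hashes. The `Bundle` layout, the hex `sha256` manifest field, the `Verify` and `Sample` names, and the use of a raw Ed25519 root key in place of an X.509 root certificate are all assumptions, since the page does not document the SignatureBundle schema.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Bundle is a HYPOTHETICAL layout; the real SignatureBundle schema is not on this page.
type Bundle struct {
	Manifest  []byte `json:"manifest"`  // exact signed manifest bytes
	Signature []byte `json:"signature"` // device key's signature over Manifest
	DeviceKey []byte `json:"deviceKey"` // device public key, untrusted until chained
	DeviceSig []byte `json:"deviceSig"` // root key's signature over DeviceKey
}

type Result struct{ IsDeviceAttested, IsSignatureValid, IsHashMatch bool } // three of the verify() flags

// Verify trusts only pinnedRoot; every byte of the bundle is untrusted input.
func Verify(pinnedRoot ed25519.PublicKey, bundleJSON, media []byte) (r Result) {
	var b Bundle
	if len(pinnedRoot) != ed25519.PublicKeySize || json.Unmarshal(bundleJSON, &b) != nil || len(b.DeviceKey) != ed25519.PublicKeySize {
		return r // malformed input: ed25519.Verify would panic on a wrong-size key
	}
	// 1. Chain the embedded device key to the pinned root before using it.
	r.IsDeviceAttested = ed25519.Verify(pinnedRoot, b.DeviceKey, b.DeviceSig)
	// 2. Verify the manifest bytes exactly as received, never a re-serialised copy.
	r.IsSignatureValid = r.IsDeviceAttested && ed25519.Verify(b.DeviceKey, b.Manifest, b.Signature)
	// 3. Only after both checks pass, parse the manifest and compare hashes.
	var m struct{ SHA256 string `json:"sha256"` }
	r.IsHashMatch = r.IsSignatureValid && json.Unmarshal(b.Manifest, &m) == nil &&
		m.SHA256 == fmt.Sprintf("%x", sha256.Sum256(media))
	return r
}

// Sample builds a constructed root key, device key and bundle for the given media.
func Sample(media []byte) (ed25519.PublicKey, []byte) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	manifest, _ := json.Marshal(map[string]string{"sha256": fmt.Sprintf("%x", sha256.Sum256(media))})
	out, _ := json.Marshal(Bundle{manifest, ed25519.Sign(devPriv, manifest), devPub, ed25519.Sign(rootPriv, devPub)})
	return rootPub, out
}

func main() {
	root, bundle := Sample([]byte("constructed image bytes"))
	fmt.Println(Verify(root, bundle, []byte("constructed image bytes")), Verify(root, bundle, []byte("edited")))
}
```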
Download
Pre-built binaries are available directly from GitHub Releases. iOS ships as an XCFramework (also consumed via SPM), Android as an AAR via Maven Central.
Example apps
Fully working sample projects showing end-to-end ProofKit integration — capture, manifest inspection, and upload. Clone and run in minutes.
iOS — Swift
The iOS example app demonstrates ProofKit integration in a native SwiftUI project — initialising the SDK, presenting a camera view, capturing a signed photo, and displaying the manifest fields.
- Requires Xcode 14+, Swift 5.7+, and an iOS 15.6+ physical device (Secure Enclave unavailable on simulator)
- SDK delivered as a pre-built XCFramework — also installable via SPM or CocoaPods
- README covers Info.plist permissions, device registration, camera config options, and the full delegate API
Android — Kotlin
The Android example app shows a complete Kotlin integration using CameraX under the hood — ProofKit wraps capture and automatically attaches the signed manifest to every output file.
- Requires Android Studio Hedgehog+, Kotlin 1.9+, and a device running Android 7.0 (API 24) or later
- StrongBox-backed signing used automatically when hardware is available; falls back gracefully
- README covers AndroidManifest permissions, device registration, CameraX integration, and all capture callbacks
Request SDK access
Integration is a single dependency and a few lines of code. We'll walk you through it in a 30-minute technical call.