Prove your digital art is human-made, not AI-generated.
A privacy-first verification system for Krita that captures your creative process and generates cryptographic proof of human authorship — no blockchain, no crypto, no complexity.
In a world where AI can generate photorealistic art in seconds, human creativity needs authentication. Artists spend years developing their skills, and this system helps them prove it.
How do you prove you actually drew something?
CHM is a complete verification ecosystem for digital art:
🎨 Krita Plugin (This Repository):
- ✅ Captures your drawing process (strokes, layers, timing)
- ✅ Analyzes for AI assistance vs. pure human creation
- ✅ Generates tamper-proof certificates with immutable timestamps
- ✅ Protects your privacy (only hashes uploaded, never your artwork)
🌐 Web Verification Tool (certified-human-made.org):
- ✅ Public verification for anyone to check artwork authenticity
- ✅ Works with re-encoded images (Twitter JPEG compression, Instagram, etc.)
- ✅ Displays proof details (classification, timestamps, creation stats)
- ✅ C2PA compatible (Content Authenticity Initiative standards)
The Complete Flow:
You Create → Plugin Certifies → GitHub Timestamps → Anyone Can Verify
Immutable Proof of Authorship:
- ✅ GitHub Timestamp: Permanent, public record (cannot be altered or backdated)
- ✅ Web Verification: Anyone can verify your work at certified-human-made.org
- ✅ C2PA Compatible: Works alongside Content Authenticity Initiative standards
- ✅ Embedded in Image: Proof data stored in PNG metadata (no separate files needed)
Example Proof Details:
{
"classification": "HumanMade",
"stroke_count": 1247,
"session_seconds": 13420,
"drawing_time": 8400,
"layer_count": 5,
"ai_tools": "None",
"timestamp": "2026-01-06T18:50:30Z",
"github_gist": "https://gist.github.com/..."
}Your Privacy: Individual strokes, layer data, and artwork pixels never leave your computer. Only cryptographic hashes are uploaded for verification.
Krita Version: 5.2.0 or newer
Operating Systems: Windows, Linux, macOS
Internet: Required for timestamp generation
Download the latest release ZIP file from GitHub Releases. (NOT source code, the other .zip)
Remember where you save the ZIP file — you'll need it in the next step.
- Open Krita
- Go to Tools → Scripts → Import Python Plugin from File...
- Select the ZIP file you downloaded
- When prompted to enable the plugin, click Yes
Krita must be restarted for the plugin to load properly.
After restarting Krita:
- Go to Settings → Configure Krita (or Krita → Preferences on macOS)
- Select Python Plugin Manager from the left sidebar
- Find "Certified Human-Made" in the list and ensure it's checked ✅
- Click OK
Open CHM Docker in Settings → Dockers → CHM Proof Exporter
- Create or Open a document in Krita
- Start Drawing → CHM automatically tracks your creative process
- Generate Proof → Go to Tools → Scripts → CHM Verifier → Generate Proof
- Get Immutable Timestamp → Your proof is automatically registered on GitHub (public, verifiable)
- Share Your Work → Post your artwork anywhere — proof is linked to the image
Embedded in Image: Proof data is automatically embedded in your exported PNG file metadata — no separate files to manage!
GitHub Gist: Immutable public record viewable at the GitHub URL shown after generation
Your Exported Artwork: Simply share your PNG file — the proof travels with it
Anyone can verify artwork at certified-human-made.org:
- Upload Image → Drag and drop any artwork
- Instant Verification → Checks against CHM and C2PA authenticity standards
- View Proof → See creation details, timestamps, and classification
- Share Results → Link to verification results page
Works with re-encoded images! Even if someone downloads your art from Twitter (compressed to JPEG), the verification system can still confirm it's your certified work using perceptual hashing.
- ✅ SHA-256 hash of encrypted session (irreversible)
- ✅ SHA-256 hash of exported artwork file
- ✅ Classification ("HumanMade", "Referenced", "MixedMedia", "AIAssisted")
- ✅ Aggregated counts (stroke count, layers, session duration)
- ❌ Your artwork (pixels)
- ❌ Individual brush strokes (coordinates, pressure, timing)
- ❌ Layer names or pixel data
- ❌ Reference images
- ❌ Any identifiable creative process data
How It Works: All session data encrypted locally (AES-256-GCM). Only a cryptographic hash is timestamped publicly. Even we cannot decrypt your creative process.
Read More: Privacy & Data Flow
Issue: CHM doesn't show up in the Python Plugin Manager list.
Solutions:
- Ensure you installed via Tools → Scripts → Import Python Plugin from File...
- Check that you selected the ZIP file (not an extracted folder)
- Restart Krita after installation
- See the detailed installation guide for manual installation steps
Issue: The checkbox next to "Certified Human-Made" is greyed out or won't stay checked.
Solutions:
- Check the Scripter console (Tools → Scripts → Scripter) for error messages
- Verify Krita version is 5.2.0 or newer: Help → About Krita
- Try reinstalling: Tools → Scripts → Import Python Plugin from File...
- On macOS: See macOS-specific fixes
Issue: Plugin appears enabled but doesn't show any messages or functionality.
Solutions:
- Restart Krita after enabling the plugin
- Create a new document (some plugins require an active document)
- Open the Scripter console to see debug output: Tools → Scripts → Scripter
- Try generating a proof after drawing some strokes to confirm functionality
Issue: Error generating proofs or "Network error" messages.
Solutions:
- Ensure you have an active internet connection
- Check that GitHub is accessible (plugin uses GitHub Gist for timestamps)
- Try again in a few moments (temporary network issues)
- The plugin will still capture session data locally — timestamps can be added later
- Installation Guide: krita-plugin/INSTALLATION.md — Detailed troubleshooting steps
- Testing Scripts: See
debug/folder for diagnostic tools - Report Issues: GitHub Issues
- Discussions: GitHub Discussions
The CHM ecosystem includes a free public verification tool where anyone can check if an image has been certified as human-made:
Upload → Verify → Share
Dual-Hash Verification:
- Exact Match: Original file verification (file_hash matches)
- Perceptual Match: Works with re-encoded images (e.g., Twitter/Instagram compression)
What You Can See:
- ✅ Classification (HumanMade, MixedMedia, AIAssisted)
- ✅ Creation details (stroke count, session duration, drawing time, layers)
- ✅ Triple timestamps (GitHub, Internet Archive, CHM Log)
- ✅ AI tools detection (None, or which AI plugins were detected)
- ✅ Platform and metadata (canvas size, Krita version)
How It Works:
- Artist creates artwork in Krita with CHM plugin
- Plugin generates proof and registers cryptographic hash on GitHub
- Anyone uploads image to certified-human-made.org
- System matches the image (even if re-compressed) to the registered proof
- Results displayed with full transparency about creation process
Privacy Protected: The verification system only stores cryptographic hashes. Your actual artwork, brush strokes, and creative process data remain on your computer.
Try It: certified-human-made.org
Brush Strokes → Layer Operations → Imports → Plugin Usage
↓
Encrypted Session File
(~/.local/share/chm/sessions/)
- AI Plugin Detection: Scans for AI tools (Krita AI Diffusion, etc.)
- Import Analysis: Tracks imported images and their usage
- Pattern Analysis: Human vs. AI workflow patterns
Classification Levels:
HumanMade: Purely human work (no AI plugins, no imported images visible)MixedMedia: Non-reference images imported (may be visible in final export)AIAssisted: AI plugins detected and enabled
Encrypted Session → Dual Hashes → Immutable Timestamps → Web Database
├─ File Hash (SHA-256) ↓
└─ Perceptual Hash (pHash) ↓
GitHub Gist (public)
Internet Archive
CHM Local Log
Dual-Hash System:
- File Hash: Exact file verification (proves unmodified original)
- Perceptual Hash: Visual content verification (survives JPEG compression, format changes)
Why This Matters: Your artwork shared on Twitter/Instagram gets compressed to JPEG. The perceptual hash ensures verification still works even when the file is re-encoded!
Triple Timestamping (Not Blockchain):
- ✅ GitHub Gist: Immutable Git commit history (legally recognized)
- ✅ Internet Archive: Wayback Machine snapshot (third-party verification)
- ✅ CHM Public Log: Append-only HMAC-signed log (offline verification)
Why Not Blockchain?
- ✅ Zero cost: No fees, no crypto needed
- ✅ Publicly auditable: Anyone can verify timestamps
- ✅ Environmentally friendly: No proof-of-work mining
- ✅ Legally recognized: Git commits are court-admissible
Anyone uploads image → Compute hashes → Database lookup
↓
┌──────┴──────┐
Exact Match Perceptual Match
↓ ↓
"Original File" "Visual Match - Re-encoded"
↓ ↓
Display Proof Details
(classification, strokes, session time, drawing time, AI tools, timestamps)
Result: Anyone can verify your artwork is human-made, even years later!
- Architecture: System design & data flow
- Installation Guide: Detailed setup instructions
- Security Audit: Comprehensive security review
- Security Quick Reference: Security features overview
- Production Readiness: Release preparation status
- Tamper Resistance Testing: Manual testing guide
- Automated Test Suite: Automated security tests
- Web App Integration Guide: API specification for verification
- Dual-Hash Strategy: How re-encoded image verification works
- Verification Logic: Step-by-step implementation
- Try It Live: certified-human-made.org
For Users: See the Installation section above — you don't need to build from source!
For Developers:
- Rust 1.70+ (install)
- Python 3.9+ (Krita's bundled version)
- Krita 5.2+
- Git
# Clone repository
git clone https://github.com/armstrongl/krita-certified-human-made.git
cd krita-certified-human-made
# Build Rust core and install plugin (one command)
./install-plugin.shThe install script will:
- Build the Rust library with correct settings for Krita
- Copy/symlink the plugin to your Krita plugin directory
- Handle platform-specific configuration (macOS code signing, etc.)
If you prefer manual control:
# Build Rust library
cargo build --release
# Copy compiled library to plugin
# macOS:
cp target/release/libchm.dylib krita-plugin/chm_verifier/lib/chm.so
# Linux:
cp target/release/libchm.so krita-plugin/chm_verifier/lib/chm.so
# Windows:
copy target\release\chm.pyd krita-plugin\chm_verifier\lib\chm.pyd
# Install to Krita plugin directory (see platform paths below)
# Then restart KritaPlatform-Specific Plugin Directories:
- macOS:
~/Library/Application Support/krita/pykrita/ - Linux:
~/.local/share/krita/pykrita/ - Windows:
%APPDATA%\krita\pykrita\
See krita-plugin/INSTALLATION.md for detailed development setup instructions.
Run Tests:
# Rust tests
cargo test
# Timestamp tests (requires network)
cargo test --ignored
# Python bindings test
./tests/test_python_bindings.sh
# Tamper resistance tests (automated security tests)
./tests/run-tamper-tests.sh
# Run with coverage
./tests/ci-tamper-tests.sh --coveragekrita-certified-human-made/
├── src/ # Rust core library
│ ├── lib.rs # Module exports
│ ├── session.rs # Session management
│ ├── events.rs # Event types
│ ├── proof.rs # Proof generation
│ ├── analysis.rs # Classification engine
│ ├── crypto.rs # Encryption & signatures
│ ├── error.rs # Error handling
│ └── python_bindings.rs # PyO3 Python API
├── krita-plugin/ # Python Krita plugin
│ └── chm_verifier/ # Main plugin
├── tests/ # Rust + integration tests
├── docs/ # Documentation
└── Cargo.toml # Rust dependencies
We welcome contributions! See CONTRIBUTING.md for guidelines.
- Testing: Beta test on different OS/Krita versions
- Documentation: Improve user guides, add translations
- AI Plugin Detection: Maintain registry of AI plugins
- Import Detection: Improve image analysis algorithms
- UI/UX: Polish PyQt5 dialogs
GPL-3.0 (same as Krita) - see LICENSE
This ensures compatibility with Krita's licensing and potential future integration.
- Krita Team: Amazing open-source painting software
- GitHub: Free git hosting & immutable timestamp infrastructure
- Art Community: Feedback on privacy & usability
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Made with ❤️ for artists fighting AI art misrepresentation
Your creativity deserves proof.