Image watermark

You can embed both visible and invisible watermarks into images.

• If you embed a visible watermark, you can see the watermark information directly on the image to identify the person responsible for a leak.

• If you embed an invisible watermark, the watermark is not visible to the naked eye. You must extract the watermark information in the SASE console to identify the person responsible for a leak. For best results, the image used for embedding and extraction should be processed in a way that is robust to common manipulations.

Most cases of information leaks or copyright disputes involve invisible watermarks.

How it works

Prerequisites

You have purchased the image watermark service. For more information, see Digital watermark billing overview.

Embed the SDK

Before you begin

You have a Linux server with an x86 architecture to deploy the image watermark SDK.

Step 1: Download the SDK

1. Log on to the Workspace Security console.

2. In the left-side navigation pane, select Digital Watermarking > Embedding Service.

3. On the Embedding Service page, locate the image watermark service and click Download SDK in the Actions column.

   Download the image watermark package to your computer. The SDK is currently supported only in Java.

   The downloaded SDK package contains the following content:

   • watermark-normalimage-v1.0.12.jar: The SDK package for integrating watermarks. You must add this package to your Maven repository.

   • normalImageLinuxDemo: A demo to test the watermarking feature.

4. Click the icon in the AK/SK information column to copy and save your AK/SK information locally.

Step 2: Integrate the SDK

1. Add the JAR package dependency by using Maven.

   mvn install:install-file  -Dfile=watermark-normalimage-v1.0.12.jar  -DgroupId=com.aliyun.security.sase -DartifactId=watermark-normalimage  -Dversion=v1.0.12  -Dpackaging=jar

   Add the dependency to the pom.xml file.

   <dependency>
       <groupId>com.aliyun.security.sase</groupId>
       <artifactId>watermark-normalimage</artifactId>
       <version>v1.0.12</version>
       <scope>compile</scope>
   </dependency>
   <dependency>
       <groupId>net.java.dev.jna</groupId>
       <artifactId>jna</artifactId>
       <version>5.13.0</version>
   </dependency>

2. Call the API.

   1. Initialize the API.

      /**
       * Initializes the AK and SK.
       * @param appKey The application key.
       * @param secret The application secret.
       * @param useLocalConfig Specifies whether to use a local configuration. 0: remote configuration (requires an internet connection). 1: local configuration.
       */
      WaterMarkNormalImageUtils.init(appKey, secret, useLocalConfig);

   2. Embed a watermark into an image and write it to a destination file.

      WaterMarkNormalImageUtils.init(appKey, secret);
      ParamsFile paramsFile = new ParamsFile();
      // Source file path. Supported image formats: JPEG, PNG, TIFF, BMP, and WebP.
      paramsFile.setSrcFilePath(src);
      // The watermark content, which is a decimal string with a value from 0 to 4294967295.
      paramsFile.setWatermarkbitsStr("212121");
      // Use case. 0: general image watermark (default), 1: image watermark for images that will be significantly scaled, 2: extra-large image scenario, 3: large design graphic scenario.
      paramsFile.setParaPtr(0);
      // Value range: [0, 4]. Recommended value: 2 or 3. A higher value provides greater robustness but may reduce visual quality.
      paramsFile.setLevel(2);
      // The desired JPEG compression quality factor for the output image. Value range: [10, 100]. Default value: 95.
      paramsFile.setJpeg_quality(95);
      // Destination file path.
      paramsFile.setDestFilePath(dest);
      /**
       * Embeds a watermark into an image.
       * @param baseParam
       * @return
       * @throws NormalImageException errorCode (error code), errorMessage (error message). For more information, see Error codes.
       * @throws IOException
       */
      WaterMarkNormalImageUtils.waterMarkIntoImage(paramsFile);

   3. Embed a watermark into an image and return a byte array.

      // Embed a watermark from a byte array.
      ParamsBytes paramsBytes = new ParamsBytes();
      // Source file bytes. Supported image formats: JPEG, PNG, TIFF, BMP, and WebP.
      paramsBytes.setSrcFileBytes(srcFileBytes);
      // The watermark content, which is a decimal string with a value from 0 to 4294967295.
      paramsBytes.setWatermarkbitsStr("212121");
      // Use case. 0: general image watermark (default), 1: image watermark for images that will be significantly scaled, 2: extra-large image scenario, 3: large design graphic scenario.
      paramsBytes.setParaPtr(0);
      // Value range: [0, 4]. Recommended value: 2 or 3. A higher value provides greater robustness but may reduce visual quality.
      paramsBytes.setLevel(2);
      // The desired JPEG compression quality factor for the output image. Value range: [10, 100]. Default value: 95.
      paramsBytes.setJpeg_quality(90);
      /**
       * Embeds a watermark into an image.
       * @param baseParam
       * @return
       * @throws NormalImageException errorCode (error code), errorMessage (error message). For more information, see Error codes.
       * @throws IOException
       */
      byte[] destFileBytes = WaterMarkNormalImageUtils.waterMarkIntoImage(paramsBytes);

Error codes

Error code	Description
null_parameters	A required parameter is null.
wrong_parameters	Invalid parameter for embedding.
jvm_error	An error occurred in the Java Virtual Machine (JVM) during embedding.
jni_exception	JNI initialization failed. Check for POI reference conflicts, JDK version issues, or system environment problems.
wrong_fileFormat	Incorrect file format.
imgDecodeError	Image decoding failed.
imgSizeError	Invalid image size.
embedException	An exception occurred during the embedding process.
embedExceptionUnKnow	An unknown error occurred during embedding.
invalid_carrier	Invalid carrier or parameter.
embed_success	Embedding successful.
extract_success	Extraction successful.
extract_fail	Extraction failed.
extract_id_exceed	The extracted ID exceeds the limit.
extract_exception	An exception occurred during extraction.
ossp_error_code_success	The SDK function executed successfully.
ossp_error_code_invalid_param	The SDK was loaded with an invalid parameter.
ossp_error_code_fail_to_download_config	The SDK failed to download the configuration file.
ossp_error_code_fail_to_read_config	The SDK failed to read the configuration file.
ossp_error_code_invalid_config	The SDK configuration is invalid.
ossp_error_code_unauthorized_device	Unauthorized device.
ossp_error_code_liscence_expired	The license has expired.
ossp_error_code_config_mismatch	SDK configuration mismatch.
ossp_error_code_unauthorized_api	The SDK function API is not authorized.
ossp_error_code_invalid_session_id	Invalid session ID for the SDK.
ossp_error_code_api_not_implemented	The requested API is not implemented.
ossp_error_code_unknown	An unknown SDK error occurred.

Extract invisible watermark

You have obtained the leaked file that contains the invisible watermark.

Step 1: Create extraction task

1. Log on to the Workspace Security console.

2. In the left-side navigation pane, select Digital Watermarking > Extraction Service.

3. Click Create extraction task. In the Create extraction service panel, configure the parameters as described in the following table.

   Parameter	Description
   Watermark version	Select the watermark version that you purchased.
   Watermark type	Select Image watermark.
   Bit width of embedded watermark	Set the bit width for the watermark. This value must match the bit width used by the SDK during embedding. The default value is 32.
   Upload file for watermark extraction	Follow the on-screen instructions to upload the leaked file.

4. Click OK.

   After the task is created, it appears on the extraction service page.

Step 2: View extraction result

After the extraction task is completed, view the result to obtain the watermark content.

1. On the Extraction Service page, click Show in the Extraction information column.

2. In the expanded details, you can find the watermark content, which is a decimal number.

   A green checkmark and the Extraction successful status in the result column indicate a successful extraction. The Watermark content type field displays a Base64-encoded string, and the watermark content field shows the extracted watermark value.

Trace the source

Match the extracted watermark content with your mapping service or a custom mapping table to identify the specific individual who leaked the file.

For example, if the extracted watermark content is 123456 and your mapping table shows that 123456 corresponds to John Doe, you can identify employee John Doe as the source of the leak.

Related documents

• To learn about the use cases, features, architecture, and purchase channels of the digital watermark product, see What is digital watermark?.

• To learn about other types of watermark services, see the following topics:

  • Web Page Watermark

  • Document Watermark

  • Short Video Watermark

  • Long Video Watermark