Sign with C2PA

📘

Are you familiar with C2PA? Be sure to read Understand C2PA before proceeding.

What do you need to get started signing? Here are the pre-requisites.

• A Truepic tool and license key for your desired product(s). You can find out details for license key requirements in each product's getting started guide. Don't have access? Contact sales.
  • CLI
  • C2PA Library
  • Android SDK
  • iOS SDK
• Refer to this list for supported formats.

Get a certificate

Before you can start signing in your workflows or applications, your organization needs a certificate. When your files are signed, they will say Signed by: Your Organization's Name in a Content Credentials display. Our products seamlessly integrate with Truepic's Certificate Authority, which is on the C2PA trust list, using just a few lines of code.

• Use the CLI's enroll command to obtain a certificate.
• For the C2PA library, first acquire a certificate through the CLI.
• The Android and iOS SDKs automatically enroll devices upon initialization.

Certificate enrollment functions require Truepic product license keys, and certificates automatically reflect the organization name defined when your Truepic account was set up.

Use cases

This section covers what assets and information you need in order to programmatically sign files across different use cases. Truepic's tools do the rest for you automatically! Click to jump to a section below:

1. Original captures
2. AI-generated media
3. Add C2PA metadata only, without any file changes
4. Modified media

---

Original captures

Sign original, unmodified, camera-captured media for the first time.

With Truepic authentic camera

What you'll need:

• Just the Lens Android or iOS SDK! It handles everything.

Regular signing

What you'll need:

• An unsigned original media file
• Metadata and other information about the image. See Add Assertions.

---

Generated media

Sign new AI-generated media for the first time.

What you'll need:

• An unsigned media file
• A created assertion with an AI digitalSourceType. See Add Assertions.

---

Update metadata only

Sign or resign media to add C2PA metadata only.

What you'll need:

• A file to be signed
• Add Assertions, except for actions. Actions assertions aren't allowed in update manifests

---

Modified media

Sign or resign modified media, disclosing edits and activity.

What you'll need:

• An unsigned, modified file
• Action assertions that describe what changed since the previous version, see Add Assertions
• The previous version of the file, to be added as a parentOf ingredient.
• Any other assets that were brought in to this version of the file, to be added as componentOf ingredients