Validate C2PA
Overview of the validation report
In the previous doc, Understand C2PA, we explored the core structures within a C2PA validation report, focusing on key objects essential for understanding how C2PA works. However, the validation report contains additional objects that we did not cover yet. This follow-up is here to guide you through those remaining elements, ensuring a comprehensive understanding of the entire report.
If building your own visualization isn't on your to-do list, our Content Credentials display tool does the heavy lifting for you. It interprets the validation report, presenting the information in a consumer-friendly format so you can focus on what matters most.
You can also learn about the verification function on each of our platforms:
Certificate chain
The certificate chain is included in the validation report to ensure that the digital signature on the content credentials is trustworthy. This chain links the individual certificate used to sign the content (the "leaf" certificate) back to a trusted root certificate authority (CA). To verify that a certificate is valid, it must be part of a chain that leads to a trusted root CA. The validator checks this chain against managed lists of trusted certificates, which are either provided by the C2PA or configured by the user, to confirm the authenticity of the signer.
Active manifest
In the validation report, is_active is a boolean that tells you whether that manifest is the latest one. In a case where there are multiple manifests, earlier ones will all be FALSE. In many Content Credentials displays, the signer and software used in the latest, active manifest are given prominent placement, while other manifests require additional clicks to view.
Validation statuses
The validation statuses object includes codes that describe whether specific parts of a manifest passed or failed validation. Each code is accompanied by a success indicator: true if the code reflects success, or false if it reflects failure.
Below is a table that explains some of the validation status codes and what they mean when content credentials are found to be invalid. When not covered below, the explanation is that the content credentials are invalid because someone or something changed this file in an unexpected way.
| Status Code Regex | Explanation |
|---|---|
\*.hashedURI.mismatch | Content credentials are invalid because this file’s recorded history was changed without signing. |
.\*(malformed|unknownBox) | Content credentials are invalid because required data in the file's recorded history is formatted incorrectly. |
assertion\.\\w+Hash\..\* | Content credentials are invalid because this file was changed without signing. |
claim.hardBindings.missing | Content credentials are invalid because required data is missing from this file's recorded history. |
signingCredential.untrusted | Content credentials are invalid because this file was signed by an untrusted source. |
AI determination
Determines the presence of AI for your convenience.
{
"ai": {
"is_ai_generated": false,
"is_ai_edited": false,
"contains_ai": false,
}
}
This assessment is provided individually for each manifest and is derived from the included C2PA information.
| Field | Type | Description |
|---|---|---|
is_ai_generated | boolean | Data in this manifest indicates the media is AI-generated. |
is_ai_edited | boolean | Data in this manifest indicates the media was edited with AI. |
contains_ai | boolean | Data in this manifest and/or at least one of its ingredients' manifests indicates its history contains AI. |
Updated 21 days ago