C2PA Content Credentials: Embedding Provenance in Your Images
How C2PA Content Credentials work under the hood, which tools write them, and how to keep the manifest intact through format conversion and web upload in 2026.
Content Credentials — the public-facing name for the C2PA specification — crossed the threshold from novelty to infrastructure over the last year. Leica, Sony, Canon, and (as of firmware 8.1 in March 2026) Fujifilm now ship cameras that sign images at capture. Every major Adobe surface writes manifests. Meta began displaying the "CR" pin icon on Instagram in April 2026. If you work with images professionally you will be dealing with C2PA, whether you want to or not.
Here is how the format actually works and where it falls apart in real pipelines.
What Content Credentials actually are
A C2PA manifest is a CBOR-encoded, cryptographically signed blob embedded in the image file. The spec is currently at version 2.1 (finalized January 2026). Inside the manifest you get:
- Assertions: structured claims about the image (who captured it, what edits were applied, whether AI was used)
- Ingredients: references to source assets, each with its own hash
- Claim signature: a COSE_Sign1 signature by the issuer, chaining to an X.509 certificate
- Credentials: the signing identity, usually a trusted camera manufacturer or software vendor
The manifest is stored inside a JUMBF box (ISO/IEC 19566-5). JPEG, PNG, WebP, AVIF, HEIF, TIFF, and MP4 all have standardized locations for the JUMBF box. This is the key reason C2PA works across formats at all.
What a manifest contains in practice
For a photo captured on a Leica M11-P and edited in Lightroom, the manifest chain looks like:
Ingredient: original RAW capture
    -> signed by Leica Camera AG
    -> assertion: c2pa.captured
    -> exif: ISO 200, f/2, 1/500s
Action: Lightroom edit session
    -> signed by Adobe Inc.
    -> assertion: c2pa.edited
    -> actions: [c2pa.color_adjustments, c2pa.cropped]
Output: exported JPEG
    -> signed by Adobe Inc.
    -> claim generator: Adobe Lightroom 14.2
Each step adds a new claim while preserving the chain back to the original. Anyone can verify the chain with the public Content Credentials verifier at contentcredentials.org/verify.
Which tools write manifests in 2026
Tools that write C2PA manifests:
- Adobe Photoshop, Lightroom, Firefly, Premiere Pro (all current versions)
- Leica M11-P, M11-D, SL3, Q3
- Sony Alpha 1 II, Alpha 9 III (with the April 2026 firmware)
- Canon EOS R5 Mark II, R1 (firmware 1.3+)
- Fujifilm GFX100 II, X-H2S (firmware 8.1+, March 2026)
- Nikon Z9 (firmware 6.0)
- OpenAI DALL-E 3 and GPT-4o image output
- Google Imagen 4
- Microsoft Designer and Bing Image Creator
- Stable Diffusion via the official ComfyUI C2PA node
- Truepic Lens (mobile capture SDK)
Tools that read and display manifests:
- contentcredentials.org/verify (web)
- Adobe apps (inline)
- Instagram and Facebook (CR pin, April 2026)
- LinkedIn (CR pin, scheduled Q3 2026)
- Windows Photos (native, 11 24H2+)
Where the chain breaks
The manifest survives in-format edits well. It breaks in three common places:
- Format conversion that does not copy the JUMBF box. Most ImageMagick installs strip it. cwebp with default flags strips it.
- Social media upload on platforms that aggressively re-encode. Until recently this included most of them. Meta, LinkedIn, and Pinterest now preserve manifests. X and TikTok still strip them.
- Screenshot obviously breaks the chain, since you are creating a new unsigned asset.
The first case is the most fixable. If you are converting JPEG to WebP or AVIF for web delivery, use a converter that explicitly preserves metadata. Konvrt's in-browser converter copies the JUMBF box through format changes, so a signed JPEG from Lightroom becomes a signed WebP without re-signing.
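A conversion step can be gated on whether the JUMBF box made it through. The sketch below is an added example, not code from this article or the C2PA project: it looks for a JUMBF superbox labelled `c2pa` in JPEG APP11 segments and PNG `caBX` chunks, the containers the C2PA specification uses for those two formats. The function names and the sample bytes are constructed for illustration.

```python
import struct

def _jpeg_jumbf(data):
    """Yield APP11 payloads that carry JUMBF packets ('JP' common identifier)."""
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):           # SOS / EOI: metadata segments are over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            return                           # malformed segment, stop scanning
        payload = data[pos + 4:pos + 2 + length]
        if marker == 0xEB and payload[:2] == b"JP":
            yield payload[8:]                # skip CI(2) + box instance(2) + sequence(4)
        pos += 2 + length

def _png_jumbf(data):
    """Yield the data of every caBX chunk (the PNG container for JUMBF)."""
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if ctype == b"caBX":
            yield data[pos + 8:pos + 8 + length]
        pos += 12 + length                   # length + type + data + CRC

def has_c2pa_store(data):
    """True if the file carries a JUMBF superbox labelled 'c2pa'. Presence only."""
    if data[:2] == b"\xff\xd8":
        boxes = _jpeg_jumbf(data)
    elif data[:8] == b"\x89PNG\r\n\x1a\n":
        boxes = _png_jumbf(data)
    else:
        raise ValueError("only JPEG and PNG are handled in this sketch")
    return any(b[4:8] == b"jumb" and b"c2pa\x00" in b for b in boxes)

def manifest_lost(source, output):
    """Pipeline gate: the source had a manifest store and the output does not."""
    return has_c2pa_store(source) and not has_c2pa_store(output)

def _box(kind, body):
    return struct.pack(">I4s", 8 + len(body), kind) + body

# Constructed sample: placeholder type UUID, no real claim or signature inside.
JUMB = _box(b"jumb", _box(b"jumd", bytes(16) + b"\x03" + b"c2pa\x00"))
_app11 = b"JP" + b"\x00\x01" + struct.pack(">I", 1) + JUMB
SIGNED_JPEG = (b"\xff\xd8" + b"\xff\xeb" + struct.pack(">H", 2 + len(_app11))
               + _app11 + b"\xff\xd9")
STRIPPED_JPEG = b"\xff\xd8\xff\xd9"          # what a stripping converter leaves
```

This only confirms the box is present; it does not validate the signature or the content hash, so a surviving manifest still needs to go through c2patool or the verifier.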
Verifying a manifest yourself
For any image you suspect has a manifest, drop it into contentcredentials.org/verify. For programmatic use, the c2patool CLI from the C2PA project reads and writes manifests locally:
c2patool image.jpg --info
c2patool image.jpg -d > manifest.json
The output shows the full assertion chain, signing certificates, and any validation failures (broken chain, revoked cert, tampered content).
Writing your own manifest
If you are building a publishing pipeline and want to sign your output, you need an X.509 certificate chain that roots in a C2PA-trusted CA. For production use, Adobe, DigiCert, and GlobalSign all issue C2PA signing certs. For development and internal use, c2patool can generate a self-signed cert, but external verifiers will flag it as untrusted.
Minimal signing command:
c2patool input.jpg -m manifest.json -o output.jpg
Where manifest.json declares your assertions and --signer points to your cert and private key.
Why this matters for AI disclosure
The EU AI Act's transparency obligations require machine-readable provenance metadata on AI-generated and AI-edited images starting August 2026. C2PA is the only widely deployed format that satisfies this requirement today. If you are exporting AI-edited images and stripping metadata in the conversion step, you are likely non-compliant.
The takeaway: C2PA is standard plumbing now, not a research project. The failure mode is almost always metadata loss during format conversion — pick tools that preserve the JUMBF box and your chain of custody survives.