Docs

Documentation

Short guides to get started with verification, page scan, test certificates and signing.

1. Verify a local file

Goal

Check whether an image on your device contains valid C2PA Content Credentials.

Steps

  1. 1.

    Open the C2PA Signer popup from the browser toolbar.

  2. 2.

    Make sure the "Verify" tab is active.

  3. 3.

    Drag a file into the drop zone, or click "Choose a file" and select a JPG, PNG, PDF or MP4.

  4. 4.

    Read the status badge and open the full report for details.

Expected result

A status badge (Trusted, Signed but untrusted, Invalid, or No credentials) plus a report with manifest, actions, signature and PKI details.

Common errors

  • No credentials — the file has no C2PA manifest; this does not mean it is fake.
  • Invalid — the file was modified after signing, so integrity validation failed.

Limitations

Verification only reads provenance signals; it does not assess visual truthfulness.

2. Scan media on a web page

Goal

Detect visible media with C2PA evidence on the current tab.

Steps

  1. 1.

    Open the page you want to inspect.

  2. 2.

    Open the C2PA Signer popup.

  3. 3.

    Click "Analyze this page" under the Current page card.

  4. 4.

    Compare the badges placed over each detected media item.

Expected result

Badges over visible images and video showing their C2PA status, plus a per-media report.

Common errors

  • No badges — the page has no visible media with C2PA evidence.
  • Some media skipped — only visible, renderable media are scanned.

Limitations

Page scan covers visible media on the current tab; it does not crawl linked pages or hidden elements.

3. Create a test certificate

Goal

Generate a C2PA-compatible test certificate for demos and internal validation.

Steps

  1. 1.

    Open the popup and switch to the "Sign" tab.

  2. 2.

    Choose "Generate a test certificate".

  3. 3.

    Confirm the certificate details (subject, validity).

  4. 4.

    The test certificate is created locally for signing workflows.

Expected result

A test certificate available for signing, clearly flagged as not publicly trusted.

Common errors

  • Generation failed — check that the browser environment allows local key generation.

Limitations

A test certificate is useful for learning and demos but is not publicly trusted. Use production PKI for real trust.

4. Sign a JPEG or PNG with Content Credentials

Goal

Attach C2PA Content Credentials to a local image.

Steps

  1. 1.

    Open the popup and switch to the "Sign" tab.

  2. 2.

    Select a test certificate or import your own signing material (.p12 / .pfx).

  3. 3.

    Choose the image file to sign.

  4. 4.

    Run the signing workflow and download the signed file.

Expected result

A new file with embedded C2PA Content Credentials that can be verified by the extension or other C2PA-aware tools.

Common errors

  • Signing failed — ensure the certificate and key match C2PA requirements.
  • Import error — verify the .p12/.pfx password and format.

Limitations

Do not import production signing credentials into environments you do not control. Test certificates do not confer public trust.