Sign with a certificate
Add C2PA Content Credentials using an imported certificate, or generate an integrated test certificate for demos and validation workflows.
How it works
Start by signing content in a C2PA-compliant format, either with an imported certificate or with an integrated test certificate, then verify and explain the provenance signals found in files and pages.
Add C2PA Content Credentials using an imported certificate, or generate an integrated test certificate for demos and validation workflows.
Drop an image into the popup to read its C2PA manifest, integrity status, certificate details and useful metadata.
Analyze visible images in the current tab and display badges to distinguish verified, signed, unsigned or invalid content.
Status colors
Open the extension, read the status, then explore the full report.
Valid Content Credentials + recognized certificate chain.
Cryptographically valid signature, certificate not publicly trusted.
C2PA data present, but integrity or signature validation failed.
No C2PA evidence detected. This does not mean the content is fake.
Open the full report to inspect the manifest, actions, signature and PKI trust details.
Use cases
Before publishing or reusing an image, verify whether it has Content Credentials, who signed it and whether the file still matches its manifest.
Sign campaign visuals, product images or press assets so partners can verify the origin and detect later modifications.
Inspect the signature, certificate chain and trust result when a visual asset needs evidence, not just a visual guess.
Generate test certificates, validate signing flows and prepare a C2PA workflow before connecting production PKI or hardware-backed certificates.
Certificates
The extension supports the full signing workflow: generating C2PA-compatible test certificates for demos, importing existing certificates and keys, or relying on hardware-backed certificates when your environment provides them.
Generate a test certificate for development, demos and internal validation, then sign media in a C2PA-compliant format without needing a production PKI first.
Import your own certificate and private key when you already have signing material, so generated manifests can use your organization's identity.
Use certificates provided through hardware support such as a security token, smart card or HSM-backed setup, keeping private keys outside the extension whenever configured.