Security & Trust

How C2PA Signer handles files, certificates, page content and trust decisions.

Section 1

Local-first by design

  • C2PA Signer processes supported media files directly in the local extension environment.
  • Verification and signing workflows are designed to run locally, without uploading your files to a C2PA Signer backend.
  • The extension may read selected local files, visible media on the current tab, and signing material that you explicitly import or generate.

Section 2

File handling

  • When you select or drop a file into the extension, the file is used only for the requested action: verify, inspect, or sign.
  • C2PA Signer does not use your files for advertising, profiling, training, or unrelated analytics.

Section 3

Certificates and private keys

  • C2PA signing requires a certificate and private key. C2PA Signer supports test certificates for development and demo workflows, and may support imported signing material such as .p12 or .pfx files.
  • Private keys should always be handled carefully. Do not import production signing credentials into environments you do not control.

The CAI documentation notes that signing claims requires an X.509 v3 certificate and a key that conform to the C2PA requirements, and recommends protecting private keys with a high level of security.

Section 4

Test certificates are not public trust

  • A test certificate is useful for learning, demos and internal validation.
  • It can show how a C2PA signing workflow works, but it does not mean the signature is publicly trusted.
  • For production trust, organizations should use certificates issued through the C2PA trust ecosystem.

Section 5

How trust status is displayed

Trusted

The media contains valid Content Credentials and the certificate chain is recognized by the configured trust sources.

Signed but untrusted

The media contains a cryptographically valid signature, but the certificate is not recognized as publicly trusted.

Invalid

The media contains C2PA data, but integrity or signature validation failed.

No credentials

No C2PA evidence was detected. This does not mean the content is fake.
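As an added illustration of the four states above (this is not the extension's own code), the function below maps a simplified verification summary to the displayed status. The result shape, the trust-anchor set and the fingerprint values are assumptions; a real verifier produces richer status codes, but the precedence is the point: a failed signature or hash check is reported as Invalid even when the signer certificate chains to a configured anchor, and a test certificate lands in "Signed but untrusted".

```javascript
// Illustration only; not C2PA Signer's code. Result shape is hypothetical.
const TrustStatus = Object.freeze({
  TRUSTED: "Trusted",
  SIGNED_UNTRUSTED: "Signed but untrusted",
  INVALID: "Invalid",
  NO_CREDENTIALS: "No credentials",
});

// Constructed trust source: root-certificate fingerprints the user has
// configured. The value is a placeholder, not a real CA fingerprint.
const TRUST_ANCHORS = new Set(["root-fp-constructed-01"]);

/**
 * Classify a verification summary into the status label shown to the user.
 * @param {object|null} result  hypothetical summary produced by a verifier
 *   result.hasManifest          C2PA manifest store found in the asset
 *   result.signatureValid       claim signature verifies against its certificate
 *   result.hashesValid          content/assertion hashes match the asset bytes
 *   result.chainRootFingerprint fingerprint of the root of the signer's chain
 * @param {Set<string>} anchors fingerprints from the configured trust sources
 */
function classifyTrust(result, anchors = TRUST_ANCHORS) {
  if (!result || !result.hasManifest) {
    // No evidence either way: absence of credentials is not proof of tampering.
    return TrustStatus.NO_CREDENTIALS;
  }
  if (!result.signatureValid || !result.hashesValid) {
    // Integrity first: a trusted signer cannot rescue an altered asset.
    return TrustStatus.INVALID;
  }
  if (!anchors.has(result.chainRootFingerprint)) {
    // Typical for a test certificate: sound cryptography, no public trust.
    return TrustStatus.SIGNED_UNTRUSTED;
  }
  return TrustStatus.TRUSTED;
}

// Constructed sample summaries, one per state.
const SAMPLES = {
  production: { hasManifest: true, signatureValid: true, hashesValid: true, chainRootFingerprint: "root-fp-constructed-01" },
  testCert:   { hasManifest: true, signatureValid: true, hashesValid: true, chainRootFingerprint: "test-root-fp-constructed" },
  tampered:   { hasManifest: true, signatureValid: true, hashesValid: false, chainRootFingerprint: "root-fp-constructed-01" },
  plainFile:  { hasManifest: false },
};
```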

Section 6

Extension permissions

  • C2PA Signer requests only the permissions needed to provide its core features: file verification, local signing, page media scan, context menu actions, download of signed files, and local settings.
  • Permissions are not used for advertising, tracking, profiling, or unrelated browsing history collection.

Store review guidelines recommend requesting the narrowest possible set of permissions, and every requested permission must be consistent with the extension's single purpose.

Section 7

Limited Use disclosure

The use of information received from extension permissions adheres to applicable store User Data Policy requirements, including Limited Use. User data is used only to provide and improve the extension's single purpose: local C2PA Content Credentials signing, verification and page media analysis.

Store review may require extensions that use user data to publish a Limited Use disclosure on the site, or at most one click away from the homepage.