Skip to main content

Manifest definition file

The c2patool reads a manifest definition JSON file with a .json extension. This file defines a single manifest to be added to an asset's manifest store. In the manifest definition file, file paths are relative to the location of the file unless you specify a base_path field.


The example below is a snippet of a manifest definition that inserts a CreativeWork author assertion. This example uses the default testing certificates in the sample folder that are also built into the c2patool binary. Copy this JSON into a file to use as a test manifest.

NOTE: When you don't specify a key or certificate in the manifest private_key and sign_cert fields, the tool will use the built-in key and cert. You'll see a warning message, since they are meant for development purposes only. For actual use, provide a permanent key and certificate in the manifest definition or environment variables; see Creating and using an X.509 certificate.

The following manifest properties are specific to c2patool and used for signing manifests:

  • alg: Signing algorithm to use. See Creating and using an X.509 certificate for possible values. Default: es256.
  • private_key: Private key to use. Default: es256_private.key
  • sign_cert: Signing certificate to use. Default: es256_certs.pem
  • ta_url: Time Authority URL for getting a time-stamp (for example, A time-stamp provides a way to confirm that the manifest was signed when the certificate was valid, even if the certificate has since expired. Howver, the Time Authority URL requires a live online connection for confirmation, which may not always be available.
"alg": "es256",
"private_key": "es256_private.key",
"sign_cert": "es256_certs.pem",
"ta_url": "",

"claim_generator": "TestApp",
"assertions": [
"label": "stds.schema-org.CreativeWork",
"data": {
"@context": "",
"@type": "CreativeWork",
"author": [
"@type": "Person",
"name": "Joe Bloggs"

JSON schemas