
CAI open source SDK

Tip: You're strongly encouraged to read this introduction and Getting started to give you some basic background and context, before you dive right into development. Working with manifests also has some crucial information, regardless of which language and library you use.

The Coalition for Content Provenance and Authenticity (C2PA) and Content Authenticity Initiative (CAI) are groups working together to develop and promote adoption of an open industry standard for content authenticity and provenance.

What's in the SDK

The CAI open-source SDK consists of:

  • C2PA Tool, a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does. C2PA Tool can:
    • Read a JSON report of manifest data.
    • Attach a manifest store to an asset, if it doesn't already have an associated manifest store.
    • Add a manifest to the associated manifest store if the asset does have an associated manifest store.
  • JavaScript library that enables web pages to verify and read manifest data using client JavaScript. Use it to add user interface elements to your website that display manifest data while following the C2PA user experience recommendations.
  • C/C++, Python, and Node.js libraries that enable applications to read and validate manifest data, create and sign manifest data, and embed it in supported asset files.
  • Mobile libraries that enable mobile applications for iOS and Android to read and generate manifest data.
  • The Rust library that generates the other language bindings and can also be used directly to read and generate manifest data. The Rust library is the fundamental system underlying everything else.

To see a summary of what each tool and library can do, see Which tool is right for you?.

The following diagram provides a high-level view of the SDK.

How to use the SDK

Applications can use the CAI SDK in several different ways:

  • Web pages can use the JavaScript library to display Content Credentials.
  • Applications can "shell out" to call C2PA Tool directly, though doing so is not highly scalable.
  • Applications written in C++, Python, or Node.js can use the corresponding language libraries to:
    • Create, modify, and sign manifests.
    • Embed manifests into media files.
    • Parse and validate manifests.
  • Mobile apps can use the iOS and Android libraries to do all the above.

Native applications can also use Rust's Foreign Function Interface (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages. For example, a Windows application can use the FFI to call Rust functions from languages such as C++ or C#. For an example, see the c2c2pa repository.

An embedded application can use the Rust FFI to call Rust functions from languages such as C or C++, similarly to a native application. Embedded applications have unique constraints tied to the devices on which they run, including small memory footprint, low-powered hardware, intermittent network access, unique operating systems, or the lack of an operating system (running on bare metal). For these reasons, if you want to develop a CAI-enabled embedded application, please contact the CAI team directly.

Which tool is right for you?

Use / To... | JavaScript Library | C2PA Tool | Python, C++, and Node.js Libraries | Rust Library
Display C2PA data on your site or app
Link C2PA data displayed on your site to Verify
Write C2PA data into files
Quickly create and inspect C2PA data
Customize displaying and creating C2PA data
Deploy on web, mobile, and desktop

More information

For more information about the C2PA and CAI, see the following websites:

Website | Organization | Purpose / Description
c2pa.org | C2PA / Linux Foundation | Standards body; technical specifications and guidance documents
contentcredentials.org | C2PA | Consumer-friendly site
Verify | C2PA | Web-based tool to display Content Credentials. For more information, see Using the Verify tool
contentauthenticity.org | CAI | Industry consortium; open-source software and community resources

C2PA

C2PA provides the formal technical specifications and open standards for content provenance for use by creators, editors, publishers, media platforms, and consumers. C2PA is a mutually-governed standards development organization (SDO) under the structure of the Linux Foundation’s Joint Development Foundation.

The "cr" icon

The "cr" icon is trademarked by the C2PA and is the de facto mark for C2PA user experiences. C2PA members can use this icon to provide a consistent user experience and set expectations that an application, tool, or website implements C2PA standards.

Info: For detailed guidance on using the "cr" icon, see C2PA User Experience Guidance for Implementers.

CAI

CAI is an Adobe-led cross-industry consortium that advocates for the adoption of Content Credentials based on C2PA standards. CAI develops and maintains open-source software based on C2PA technical specifications. CAI members include Adobe, Microsoft, The New York Times Co., The Associated Press, Intel, Qualcomm, and many more.