Skip to main content

CAI open source SDK

tip

You're strongly encouraged to read this introduction and Getting started to give you some basic background and context, before you dive right into development. Working with manifests also has some crucial information, regardless of which language and library you use.

The Coalition for Content Provenance and Authenticity (C2PA) and Content Authenticity Initiative (CAI) are groups working together to develop and promote adoption of an open industry standard for content authenticity and provenance.

What's in the SDK

The CAI open-source SDK (software development kit) is a set of tools and libraries that enable developers to create, verify, and display Content Credentials based on C2PA standards.

The CAI open-source SDK consists of:

  • C2PA Tool: a command-line tool for working with C2PA manifests and media assets.
  • The JavaScript library (also known as the JavaScript SDK): Client JavaScript library for code that runs, for example, in a web browser.
  • Prerelease libraries for Node.js, Python, and C++/C.
  • The Rust library, which is the code that underlies everything else. It's the "source of truth" that all the other libraries use.

To see a summary of what each tool and library can do, see Which tool is right for you?.

C2PA Tool

C2PA Tool, is a command-line utility for working with C2PA manifest data. Use this tool to work with assets in a supported file format to:

  • Read a JSON report of manifest data.
  • Attach a manifest store to an asset, if it doesn't already have an associated manifest store.
  • Add a manifest to to the associated manifest store if the asset does have an associated manifest store.

JavaScript library

The client JavaScript library enables working with manifest data in the browser. Use this library to:

  • Verify and display manifest data on a website or web application.
  • Link manifest data displayed on your site to Verify.
  • Easily add user interface elements to your website that display manifest data while following the C2PA user experience recommendations.

Prerelease libraries

The C++/C, Python, and Node.js libraries enable applications written in those languages to create, verify, and display Content Credentials.

Warning

These libraries are all early prerelease versions. They may have bugs and unimplemented features, and their APIs are subject to change.

Rust library

The Rust library enables adding C2PA capabilities to a desktop, mobile, or embedded application. The Rust library is the fundamental system underlying everything else. C2PA Tool uses it "under the hood" and language-specific APIs are generated from it.

You can use the Rust library via the Foreign Function Interface (FFI) to:

  • Create and sign C2PA claims and manifests.
  • Embed a manifest store into certain asset file formats.
  • Parse and validate manifests found in certain asset file formats.

Which tool is right for you?

Use To...JavaScript Library C2PA ToolPrerelease Libraries Rust Library
Display C2PA data on your site or app
Link C2PA data displayed on your site to Verify
Write C2PA data into files
Quickly create and inspect C2PA data
Customize displaying and creating C2PA data
Deploy on web, mobile, and desktop

More information

For more information about the C2PA and CAI, see the following websites:

WebsiteOrganizationPurpose / Description
c2pa.orgC2PA / Linux FoundationStandards body
Technical specifications and guidance documents
contentcredentials.orgC2PAConsumer-friendly site
VerifyC2PAWeb-based tool to display Content Credentials.
For more information, see Using the Verify tool
contentauthenticity.orgCAIIndustry consortium
Open-source software and community resources

C2PA

C2PA provides the formal technical specifications and open standards for content provenance for use by creators, editors, publishers, media platforms, and consumers. C2PA is a mutually-governed standards development organization (SDO) under the structure of the Linux Foundation’s Joint Development Foundation.

The "cr" icon

The "cr" icon is trademarked by the C2PA and is the de facto mark for C2PA user experiences. C2PA members can use this icon to provide a consistent user experience and set expectations that an application, tool, or website implements C2PA standards.

info

For detailed guidance on using the "cr" icon, see C2PA User Experience Guidance for Implementers.

CAI

CAI is an Adobe-led cross-industry consortium that advocates for the adoption of Content Credentials based on C2PA standards. CAI develops and maintains open-source software based on C2PA technical specifications. CAI members include Adobe, Microsoft, The New York Times Co., The Associated Press, Intel, Qualcomm, and many more.