Skip to main content



The Content Authenticity Initiative's open-source offerings consist of:

  • The JavaScript SDK
  • The c2patool command-line tool
  • The Rust SDK

These projects all work with C2PA manifest data (also referred to as a "C2PA manifest" or just a "manifest") that contains information about the provenance of a digital asset. For more details, see Key concepts below.

JavaScript SDK

The JavaScript SDK enables working with C2PA manifest data in the browser. Use this SDK to:

  • Verify and display manifest data on a website or web application.
  • Link manifest data displayed on your site to Verify.
  • Easily add user interface elements to your website that display manifest data while following the C2PA user experience recommendations.


c2patool is a command-line utility for working with C2PA manifest data. Use this tool to work with assets in a supported file format to:

  • Read a JSON report of manifest data.
  • Attach a manifest store to an asset, if it doesn't already have an associated manifest store.
  • Add a manifest to to the associated manifest store if the asset does have an associated manifest store.

Rust SDK

The Rust SDK enables adding C2PA capabilities to a desktop, mobile, or embedded application. Use the Rust SDK to:

  • Create and sign C2PA claims and manifests.
  • Embed manifests into certain asset file formats.
  • Parse and validate manifests found in certain asset file formats.

Key concepts

Regardless of which SDK or tool you use, it's important to understand some key concepts. These definitions are based on the glossary in the C2PA 1.1 Technical Specification.

Asset: A file or stream of data containing digital content, asset metadata and optionally, a C2PA manifest.

Composed asset: An asset created by building up a collection of multiple parts or fragments of digital content (referred to as ingredients) from one or more other assets. For example, a composed asset could be an image (image A) with another image (image B) imported and super-imposed on top of it. In this example, image B is referred to as an ingredient.

C2PA manifest: The set of information about the provenance of an asset based on the combination of one or more assertions (including content bindings), a single claim, and a claim signature. A C2PA manifest is part of a C2PA manifest store.

C2PA manifest store: A collection of C2PA manifests that can either be embedded into an asset or be external to it.

Active manifest: The last manifest in the list of C2PA manifests inside of a C2PA manifest store which is the one with the set of content bindings that are able to be validated.

Assertion: A data structure which represents a statement asserted by an actor concerning the asset. This data is part of the C2PA manifest. For a list of standard C2PA assertions, see C2PA 1.1 Technical Specification.

Ingredient: Part of a composed asset, such as an image superimposed on top of another image.

The following diagram illustrates how the concepts are related to each other in the C2PA architecture.

C2PA architecture and concepts diagram