Skip to main content

Using the Verify tool

The C2PA Verify tool (often referred to as simply "Verify") is useful both for consumers and for CAI application developers.

How to use Verify

You can use Verify to inspect a digital asset file in two ways:

Supported asset file types include:

  • Image: AVIF, DNG, HEIC, HEIF, JPEG, PNG, SVG, TIFF, and WebP.
  • Video and audio: AVI, M4A, MOV, MP3, MP4, and WAV.
  • Document: PDF.
tip

Verify shows the complete current list of supported file types (when no asset is displayed on the page).

Uploading an asset

Click Select a file from your device then use the native picker or drag and drop a file to upload it and display information from the associated Content Credentials (if any) such as the author, the tools used to create the asset, and so on.

Using an asset URL

You can also display Content Credentials for an asset with a publicly-visible URL by using a URL with the following format:

https://contentcredentials.org/verify?source=<ASSET_URL>

where <ASSET_URL> is the URL of the asset.

For example: https://contentcredentials.org/verify?source=https://c2pa.org/public-testfiles/image/jpeg/adobe-20220124-CICA.jpg

note

To use Verify on an asset URL, the URL must not require any authentication and the hosting server must allow cross-origin resource sharing (CORS) in the Access-Control-Allow-Origin HTTP response header.

C2PA test files

The C2PA public-testfiles repository contains image files that demonstrate Content Credentials, including multiple ingredients, Exif metadata, and various error conditions, along with links to inspect the assets using Verify and to view the corresponding manifest reports from the C2PA Tool.

Currently, most of the asset files in the repository are JPEG images, but a few PDF and video test files are also available.

Information displayed

Once you've uploaded an asset or entered an asset URL, if the asset:

  • Does not have an associated manifest store, Verify displays the message No Content Credential.
  • Does have an associated manifest store, Verify displays information from it in the three vertical panels, for example as shown below.
Left panel ↑ Center panel ↑Right panel ↑
Shows the asset name from the title property in the active manifest (may not be the same as the file name) and a thumbnail image.

Cick Search for possible matches to search the Adobe Content Credentials Cloud for similar content; see Searching for matching Content Credentials for more information.		Shows all the asset's ingredients in a tree-like layout.
  • Click on an ingredient thumbnail to inspect its Content Credentials in the right panel.
  • Click Compare to compare ingredients either side-by-side or using a slider.
You can zoom in and out in this view using the mouse wheel or trackpad and pan by dragging.

NOTE: The example above shows only one ingredient.		Shows information from the asset's manifest store, as described below:

Title and signing information

The top of the right panel displays a thumbnail of the image with the title of the asset from the title property in the active manifest. The value of this property might not be the same as the file name.

For example, suppose you downloaded a file from Adobe Stock and renamed it my_stock_download.jpeg. In Verify it would appear as shown at right when the manifest store contains the title property shown in the snippet below.


 "manifests": {
    "adobe:urn:uuid:f2513d23-8ca4-4135-82e8-15344e800ca6": {
      "claim_generator": "Adobe_Stock c2pa-rs/0.4.2",
      "title": "AdobeStock_135017891.jpeg",
      ...
    }
 }

Signing information

If the Content Credential was signed by a certificate that is NOT on the known certificate list, such as the CAI test certificate in the SDK, then Verify displays "Unrecognized" at the top of this section with this notice:

However, if the Content Credential was signed by a certificate on the known certificate list, then this section displays the name of the issuer of the claim signature from the signature_info.issuer property in the active manifest, as shown in the example snippet below. It shows the organization name only if the signing certificate includes the "O" or Organization Name attribute (OID value 2.5.4.10) in the certificate's distinguished name information.

For signers on the known certificate list, this section also displays the time of the claim signature from the signature_info.time property in the active manifest, as shown in the example snippet below. The date is converted from UTC to the local time zone.

"signature_info": {
  "issuer": "Adobe Inc.",
  "cert_serial_number": "121561926467332750920512530884092488196",
  "time": "2022-10-26T16:46:46+00:00"
},

If the issuer string is too long, then the date might be truncated or not shown at all. If so, refer to the About this Content Credential section for the full date.

Validation status

If the manifest has validation errors, then Verify displays this notice:

Verify displays this warning if the validation_status array contains any elements. For example, a this image with a hard binding hash mismatch error, as shown in this manifest store:

"validation_status": [
    {
      "code": "assertion.dataHash.mismatch",
      "url": "self#jumbf=/c2pa/contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b/c2pa.assertions/c2pa.hash.data",
      "explanation": "asset hash error, name: jumbf manifest, error: hash verification( Hashes do not match )"
    }
  ]

Another example that can result in this message is shown in this image with a missing referenced claim, as shown in this manifest store:

"validation_status": [
    {
      "code": "assertion.hashedURI.mismatch",
      "url": "self#jumbf=c2pa.assertions/c2pa.ingredient__1",
      "explanation": "hash does not match assertion data: self#jumbf=c2pa.assertions/c2pa.ingredient__1"
    },
    {
      "code": "claim.missing",
      "url": "self#jumbf=/c2pa/contentbeef:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019",
      "explanation": "ingredient not found"
    }
  ]

Credit and usage

The Credit and usage section displays information about the asset's author and usage rights, divided into these subsections:

Produced by

The Produced by subsection shows information derived from the CreativeWork assertion in the active manifest. If the associated data object has an author property, then the name property is shown under Produced by. If there is a url or license property, then it says Website with a link to the site. For example:

The above example shows the following CreativeWork assertion from the active manifest. The url property is the URL of the asset on the Adobe Stock site:

"assertions": [
  {
    "label": "stds.schema-org.CreativeWork",
    "data": {
      "@context": "https://schema.org",
      "@type": "CreativeWork",
      "url": "https://stock.adobe.com/135017891"
    },
    "kind": "Json"
  },
...]

Social media accounts

If the asset was created with Adobe Photoshop or Adobe Lightroom and the asset's creator has connected social media accounts, then the Credit and usage section shows the information added for any connected accounts, which can include Behance, Instagram, LinkedIn, and X (Twitter).

For more information, see:

For example:

The CreativeWork assertion from the JSON manifest for the above example is shown below.

Show manifest code
{
  "label": "stds.schema-org.CreativeWork",
  "data": {
    "@context": "https://schema.org",
    "@type": "CreativeWork",
    "author": [
      {
        "@type": "Person",
        "credential": [
          {
            "alg": "sha256",
            "hash": "IcZeS318070nuvDYmPqfQdZmOI7jGumMjHTxNshA2ao=",
            "url": "self#jumbf=/c2pa/adobe:urn:uuid:4fd5a284-6fe9-479c-a8af-9bcbbf851d92/c2pa.credentials/did:adobe:ff76b2edfcdb600facacd7a165172c2aecc07718233798ed61bd3a9f4eba0969e"
          }
        ],
        "identifier": "did:adobe:ff76b2edfcdb600facacd7a165172c2aecc07718233798ed61bd3a9f4eba0969e",
        "name": "obidigbo nzeribe"
      },
      {
        "@id": "https://www.instagram.com/obidinzeribe",
        "@type": "Person",
        "credential": [
          {
            "alg": "sha256",
            "hash": "IcZeS318070nuvDYmPqfQdZmOI7jGumMjHTxNshA2ao=",
            "url": "self#jumbf=/c2pa/adobe:urn:uuid:4fd5a284-6fe9-479c-a8af-9bcbbf851d92/c2pa.credentials/did:adobe:ff76b2edfcdb600facacd7a165172c2aecc07718233798ed61bd3a9f4eba0969e"
          }
        ],
        "identifier": "did:adobe:ff76b2edfcdb600facacd7a165172c2aecc07718233798ed61bd3a9f4eba0969e",
        "name": "obidinzeribe"
      },
      {
        "@id": "https://www.behance.net/obidigbonzeribe",
        "@type": "Person",
        "credential": [
          {
            "alg": "sha256",
            "hash": "IcZeS318070nuvDYmPqfQdZmOI7jGumMjHTxNshA2ao=",
            "url": "self#jumbf=/c2pa/adobe:urn:uuid:4fd5a284-6fe9-479c-a8af-9bcbbf851d92/c2pa.credentials/did:adobe:ff76b2edfcdb600facacd7a165172c2aecc07718233798ed61bd3a9f4eba0969e"
          }
        ],
        "identifier": "did:adobe:ff76b2edfcdb600facacd7a165172c2aecc07718233798ed61bd3a9f4eba0969e",
        "name": "obidigbo nzeribe"
      }
    ]
  },
  "kind": "Json"
}

AI model usage

If the active manifest contains a do not train assertion, then the Credit and usage section displays the following message:

AI model usage
Do not use my content to train AI models

Process

The Process section displays information about the process used to create the asset, divided into the following subsections:

For example:

See the above example yourself, based on a C2PA test image:

App or device used

The value shown for App or device used is derived from the claim_generator property in the active manifest. The string is truncated at the first space character and then underscore and slash characters are converted to spaces. In the above example, "claim_generator": "make_test_images/0.16.1 c2pa-rs/0.16.1" is displayed as make test images 0.16.1.

Actions

The Actions subsection lists actions in the active manifest. For example, here is the actions array for the above example:

Show manifest code
"actions": [
  {
    "action": "c2pa.opened",
    "instanceId": "xmp.iid:813ee422-9736-4cdc-9be6-4e35ed8e41cb",
    "parameters": {
      "ingredient": {
        "hash": "tTBD4/E0R0AjLUdJFpsVz3lE/KJUq22Vz0UGqzhEpVs=",
        "url": "self#jumbf=c2pa.assertions/c2pa.ingredient"
      }
    }
  },
  {
    "action": "c2pa.color_adjustments",
    "parameters": {
      "name": "brightnesscontrast"
    }
  },
  {
    "action": "c2pa.placed",
    "instanceId": "xmp.iid:8a00de7a-e694-43b2-a7e6-ed950421a21a",
    "parameters": {
      "ingredient": {
        "hash": "EMeeY5a+lvy1msl+9i5DOcOoeQowrqD7NyV0d8fwAX0=",
        "url": "self#jumbf=c2pa.assertions/c2pa.ingredient__1"
      }
    }
  },
  {
    "action": "c2pa.resized"
  }
]

Ingredients

Ingredients shows the resources used to create the asset, derived from the ingredients array in the active manifest. A thumbnail image is shown for each ingredient, if applicable. If an ingredient itself had Content Credentials, the "cr" icon is shown next to the thumbnail. In the above example, the asset was created by combining two ingredients, CAI.jpg and A.jpg, the first of which had Content Credentials.

AI-generated content

If one or more of the asset's ingredients was generated by artificial intelligence, as specified by the generative AI action, then a Content summary is shown and the Process section will also show the AI tool used, as shown in the example above.

About this Content Credential

This section displays the same information as described in Title and singing information.

Camera capture details

If the active manifest includes Exif metadata assertions, then an additional Camera capture details section shows information about the device used to create the asset, as illustrated below:

The Exif metadata assertions from the JSON manifest for the above example is shown below:

Show manifest code
"assertions": [
  {
    "label": "com.truepic.libc2pa",
    "data": {
      "git_hash": "023bb51",
      "lib_name": "Truepic C2PA C++ Library",
      "lib_version": "2.5.1",
      "target_spec_version": "1.2"
    },
    "kind": "Json"
  },
  {
    "label": "stds.exif",
    "data": {
      "@context": {
        "EXIF": "http://ns.adobe.com/EXIF/1.0/",
        "EXIFEX": "http://cipa.jp/EXIF/2.32/",
        "dc": "http://purl.org/dc/elements/1.1/",
        "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
        "tiff": "http://ns.adobe.com/tiff/1.0/",
        "xmp": "http://ns.adobe.com/xap/1.0/"
      },
      "EXIF:GPSAltitude": "123.5",
      "EXIF:GPSHorizontalAccuracy": "16.4",
      "EXIF:GPSLatitude": "43.152093900000",
      "EXIF:GPSLongitude": "-77.580532800000",
      "EXIF:GPSTimeStamp": "2023-02-12T18:44:26Z"
    },
    "kind": "Json"
  },
  {
    "label": "stds.exif",
    "data": {
      "@context": {
        "EXIF": "http://ns.adobe.com/EXIF/1.0/",
        "EXIFEX": "http://cipa.jp/EXIF/2.32/",
        "dc": "http://purl.org/dc/elements/1.1/",
        "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
        "tiff": "http://ns.adobe.com/tiff/1.0/",
        "xmp": "http://ns.adobe.com/xap/1.0/"
      },
      "EXIF:Make": "Google",
      "EXIF:Model": "Pixel 5"
    },
    "instance": 1,
    "kind": "Json"
  },
  {
    "label": "stds.exif",
    "data": {
      "@context": {
        "EXIF": "http://ns.adobe.com/EXIF/1.0/",
        "EXIFEX": "http://cipa.jp/EXIF/2.32/",
        "dc": "http://purl.org/dc/elements/1.1/",
        "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
        "tiff": "http://ns.adobe.com/tiff/1.0/",
        "xmp": "http://ns.adobe.com/xap/1.0/"
      },
      "EXIF:DateTimeOriginal": "2023-02-12T18:44:26Z"
    },
    "instance": 2,
    "kind": "Json"
    },
    ...
]

See the above example yourself, based on a C2PA test image:

Searching for matching Content Credentials

Adobe products can save manifest stores in the Adobe Content Credentials Cloud. Click Search for possible matches to search the Adobe Content Credentials Cloud for content similar to the asset's ingredients, as described in the Ingredients section above.