# Open-source tools for content authenticity and provenance > Integrate secure provenance signals into your site, app, or service using open-source tools developed by the Content Authenticity Initiative. ## search - [Search the documentation](/search.md) ## docs ### c2pa-android-example The c2pa-android-example repository contains a prototype Android application demonstrating how to capture photos and videos, embed Content Credentials, and then sign them. - [C2PA Android example app](/docs/c2pa-android-example.md): The c2pa-android-example repository contains a prototype Android application demonstrating how to capture photos and videos, embed Content Credentials, and then sign them. ### c2pa-android This project provides Android bindings for the Content Authenticity (CAI). It wraps the C2PA Rust implementation using its C API bindings to provide native Android support via an AAR library. - [C2PA Android library](/docs/c2pa-android.md): This project provides Android bindings for the Content Authenticity (CAI). It wraps the C2PA Rust implementation using its C API bindings to provide native Android support via an AAR library. ### c2pa-cpp The c2pa-cpp repository implements C++ APIs that: - [CAI SDK C++ library](/docs/c2pa-cpp.md): The c2pa-cpp repository implements C++ APIs that: - [Configuring the SDK with Context and Settings](/docs/c2pa-cpp/docs/context-settings.md): This guide explains how to configure the C2PA SDK using Context and Settings. The configuration controls SDK behavior including verification, trust anchors, thumbnails, signing, and more. - [Embeddable Signing API](/docs/c2pa-cpp/docs/embeddable-api.md): [!WARNING] - [Frequently-asked questions (FAQs)](/docs/c2pa-cpp/docs/faqs.md): When do I use Reader versus Builder? - [Using Builder intents](/docs/c2pa-cpp/docs/intents.md): Intents enable validation, add required actions that are required by the C2PA specification, and help prevent invalid operations when using a Builder. Intents are about the operation (create, edit, update) executed on the source asset. - [Release Notes](/docs/c2pa-cpp/docs/release-notes.md): 3 Mar 2026 - [Selective manifest construction](/docs/c2pa-cpp/docs/selective-manifests.md): You can use Builder and Reader together to selectively construct manifests—keeping only the parts you need and omitting the rest. This is useful when you don't want to include all ingredients in a working store (for example, when some ingredient assets are not visible). - [Supported file formats](/docs/c2pa-cpp/docs/supported-formats.md): The following table summarizes the supported media (asset) file formats. This information is based on what the Rust library supports; other libraries in the SDK support the same formats unless noted otherwise. - [Using the C++ library](/docs/c2pa-cpp/docs/usage.md): To use this library, include the header file in your code as follows: - [Manifests, working stores, and archives](/docs/c2pa-cpp/docs/working-stores.md): This table summarizes the fundamental entities that you work with when using the CAI SDK. ### c2pa-ios-example Overview - [C2PA iOS Example](/docs/c2pa-ios-example.md): Overview ### c2pa-ios Tests - [C2PA iOS](/docs/c2pa-ios.md): Tests ### c2pa-js [!NOTE] - [c2pa-js](/docs/c2pa-js.md): [!NOTE] - [c2pa-types](/docs/c2pa-js/c2pa-types-readme.md): Exports TypeScript types autogenerated from c2pa-rs structs, used by c2pa-web. - [c2pa-wasm](/docs/c2pa-js/c2pa-wasm-readme.md): The WebAssembly wrapper for c2pa-rs that powers c2pa-web, built with wasm-bindgen. While these bindings can be used directly, most users will prefer the convenience of c2pa-web. - [c2pa-web](/docs/c2pa-js/c2pa-web-readme.md): The SDK for interacting with C2PA metadata on the web. ### c2pa-node-v2 The c2pa-node-v2 repository implements a Node.js API that can: - [C2PA Node.js library](/docs/c2pa-node-v2.md): The c2pa-node-v2 repository implements a Node.js API that can: - [Supported file formats](/docs/c2pa-node-v2/supported-formats.md): The following table summarizes the supported media (asset) file formats. This information is based on what the Rust library supports; other libraries in the SDK support the same formats unless noted otherwise. ### c2pa-node [!WARNING] - [C2PA Node.js library (deprecated)](/docs/c2pa-node.md): [!WARNING] ### c2pa-python-example Overview - [C2PA Python example](/docs/c2pa-python-example.md): Overview ### c2pa-python The c2pa-python repository provides a Python library that can: - [C2PA Python library](/docs/c2pa-python.md): The c2pa-python repository provides a Python library that can: - [Class diagram](/docs/c2pa-python/docs/class-diagram.md): This diagram shows the public classes in the Python library and their relationships. - [Context and settings](/docs/c2pa-python/docs/context-settings.md): This guide shows you how to configure the C2PA Python SDK using the Context API with declarative settings in JSON format. - [Python example code](/docs/c2pa-python/docs/examples.md): The examples directory contains some small examples of using this Python library. - [Using Builder intents](/docs/c2pa-python/docs/intents.md): Intents enable validation, add the actions required by the C2PA specification, and help prevent invalid operations when using a Builder. Intents are about the operation (create, edit, update) executed on the source asset. - [Release notes](/docs/c2pa-python/docs/release-notes.md): Version 0.6.0 - [Selective manifest construction](/docs/c2pa-python/docs/selective-manifests.md): You can use Builder and Reader together to selectively construct manifests—keeping only the parts you need and omitting the rest. This is useful when you don't want to include all ingredients in a working store (for example, when some ingredient assets are not visible). - [Supported file formats](/docs/c2pa-python/docs/supported-formats.md): The following table summarizes the supported media (asset) file formats. This information is based on what the Rust library supports; other libraries in the SDK support the same formats unless noted otherwise. - [Using the Python library](/docs/c2pa-python/docs/usage.md): This package works with media files in the supported formats. - [Manifests, working stores, and archives](/docs/c2pa-python/docs/working-stores.md): This table summarizes the fundamental entities that you work with when using the CAI SDK. ### c2patool C2PA Tool, c2patool, is a command line tool for working with C2PA manifests and media assets (audio, image or video files). - [C2PA command line tool](/docs/c2patool.md): C2PA Tool, c2patool, is a command line tool for working with C2PA manifests and media assets (audio, image or video files). - [C2PA Tool](/docs/c2patool/c2patool-index.md): For a series of educational videos on using C2PA Tool, see Content Credentials Foundations. - [Using an X.509 certificate for CAWG signing](/docs/c2patool/docs/cawg_x509_signing.md): The c2patool uses some custom properties in the cawgx509signer section of the settings file for signing: - [Changelog](/docs/c2patool/docs/changelog.md): All notable changes to this project will be documented in this file. - [Manifest definition file](/docs/c2patool/docs/manifest.md): C2PA Tool reads a manifest definition JSON file with a .json extension. This file defines a single manifest to be added to an asset's manifest store. - [Supported file formats](/docs/c2patool/docs/supported-formats.md): The following table summarizes the supported media (asset) file formats. This information is based on what the Rust library supports; other libraries in the SDK support the same formats unless noted otherwise. - [Using C2PA Tool](/docs/c2patool/docs/usage.md): C2PA Tool's command-line syntax is: - [Using an X.509 certificate](/docs/c2patool/docs/x_509.md): The c2patool uses some custom properties in the manifest definition file for signing: ### community-resources The Content Authenticity Initiative has an active and growing community of developers collaborating on the ecosystem of open-source for content provenance creation and validation. - [Community resources](/docs/community-resources.md): The Content Authenticity Initiative has an active and growing community of developers collaborating on the ecosystem of open-source for content provenance creation and validation. ### conformance The C2PA conformance program helps to ensure that products that read and create Content Credentials are compliant with the C2PA Content Credentials specification. - [C2PA conformance program](/docs/conformance.md): The C2PA conformance program helps to ensure that products that read and create Content Credentials are compliant with the C2PA Content Credentials specification. - [Trust lists](/docs/conformance/trust-lists.md): C2PA maintains two trust lists: the C2PA trust list and the C2PA time-stamping authority (TSA) trust list_. ### durable-cr Durable Content Credentials is a concept that helps content provenance to persist across content platforms by using C2PA manifest data in conjunction with: - [Durable Content Credentials](/docs/durable-cr.md): Durable Content Credentials is a concept that helps content provenance to persist across content platforms by using C2PA manifest data in conjunction with: - [Watermarking and fingerprinting algorithms](/docs/durable-cr/sb-algs.md): The C2PA specification refers to watermarking and content fingerprinting as soft bindings, which can be used to find digital content, even if the underlying bits differ. The C2PA specification requires that soft bindings be generated using one of the algorithms approved by the C2PA Technical Working Group. - [TrustMark FAQ](/docs/durable-cr/tm-faq.md): - General Usage and Adoption - [TrustMark watermarking](/docs/durable-cr/trustmark-intro.md): TrustMark is an open-source universal watermarking system for images that: ### getting-started This is a technical introduction to the Content Authenticity Initiative (CAI) open-source SDK that provides initial context and an overview of the technical aspects of implementing CAI solutions. - [Getting started with Content Credentials](/docs/getting-started.md): This is a technical introduction to the Content Authenticity Initiative (CAI) open-source SDK that provides initial context and an overview of the technical aspects of implementing CAI solutions. - [Frequently-asked questions](/docs/getting-started/faqs.md): C2PA FAQs. - [Glossary](/docs/getting-started/glossary.md): This glossary defines key terms used throughout the documentation and expands on the Glossary in the C2PA Content Credentials specification. - [Using the inspect tool on Adobe Content Authenticity (Beta)](/docs/getting-started/inspect.md): The Inspect tool on Adobe Content Authenticity (Beta) (often referred to as "ACA Inspect" or simply "Inspect") is a C2PA conforming validator product that can display and apply Content Credentials for various asset types. ### introduction You're strongly encouraged to read this introduction and Getting started for some basic background and context, before you dive right into development. Working with manifests also has some useful information, regardless of which language and library you use. - [CAI open source SDK](/docs/introduction.md): You're strongly encouraged to read this introduction and Getting started for some basic background and context, before you dive right into development. Working with manifests also has some useful information, regardless of which language and library you use. ### js-sdk - [JavaScript library](/docs/js-sdk/js-landing.md): For video walkthroughs on using the JavaScript SDK, see the following from the Content Credentials Foundations course: ### legacy-js-sdk - [deprecation-notice](/docs/legacy-js-sdk/deprecation-notice.md): This is documentation for the deprecated legacy JavaScript library, c2pa-js-legacy. This library is no longer maintained or supported. Instead use the new JavaScript web library. - [Legacy JavaScript library: Architecture](/docs/legacy-js-sdk/getting-started/architecture.md): Zoom in by double-clicking or scrolling with your mouse or trackpad. Move the diagram by clicking and dragging. - [Redirect](/docs/legacy-js-sdk/getting-started/overview.md): This page will be redirected to https://opensource.contentauthenticity.org/docs/js-sdk/js-landing. - [Legacy JavaScript library: Quick start](/docs/legacy-js-sdk/getting-started/quick-start.md): Prerequisites - [Legacy JavaScript examples](/docs/legacy-js-sdk/guides/examples.md): JavaScript examples are in contentauth/c2pa-js-examples. The examples are mirrored from the examples directory in the contentauth/c2pa-js repository. - [Legacy JavaScript library: Hosting C2PA assets](/docs/legacy-js-sdk/guides/hosting.md): Cross-origin (CORS) support - [Legacy JavaScript library: Selectors](/docs/legacy-js-sdk/guides/selectors.md): Selectors are convenience functions that return useful data from manifest objects. The selector functions are: - [Legacy JavaScript library: Validation & errors](/docs/legacy-js-sdk/guides/validation.md): Part of processing an asset involves validating the manifests that it contains. During validation, errors can occur in the active manifest and in ingredients. - [Legacy JavaScript library: Viewing manifest data](/docs/legacy-js-sdk/guides/viewing-manifest-data.md): Initializing the library - [New JavaScript library](/docs/legacy-js-sdk/js-lib-v2.md): There is a new JavaScript web library for applications that run in a web browser environment. - [Legacy JavaScript library](/docs/legacy-js-sdk/old-js-overview.md): The CAI legacy JavaScript library performs only read operations on C2PA manifests. ### manifest - [SDK object reference](/docs/manifest/json-ref.md): These references are generated from the Rust library but apply to all the language bindings (libraries). But note that not all languages may be up-to-date with the latest changes in the Rust library. - [Builder reference](/docs/manifest/json-ref/builder-schema.md): This is a beta release of this reference. It is a work in progress and may have issues or errors. - [ManifestDefinition reference](/docs/manifest/json-ref/manifest-definition-schema.md): This is a beta release of this reference. It is a work in progress and may have issues or errors. - [Reader reference](/docs/manifest/json-ref/reader-schema.md): This is a beta release of this reference. It is a work in progress and may have issues or errors. - [Settings reference](/docs/manifest/json-ref/settings-schema.md): This is a beta release of this reference. It is a work in progress and may have issues or errors. - [Manifest examples](/docs/manifest/manifest-examples.md): The example-assets repository contains some sample assets that demonstrate Content Credentials, including links to view the corresponding manifest reports from the C2PA Tool and to inspect the assets using Verify. See the README as rendered in GitHub Pages. - [Reading and validating manifest data](/docs/manifest/reading.md): For a video walkthrough of reading and validating Content Credentials in a web browser, see Reading and validating C2PA data with Javascript in the browser from the Content Credentials Foundations course. - [Reading legacy manifest data](/docs/manifest/reading/legacy-manifests.md): As much as possible, an application should write manifest data that conforms to the recent version 2.2 C2PA technical specification, but should be able to read and validate manifest data that conforms to earlier versions of the specification. This ensures that your application is "backward-compatible" and can still validate older assets with claims that were written in the past. - [Validating manifests](/docs/manifest/reading/manifest-validation.md): Processing an asset includes validating the manifests in the associated manifest store. During validation, errors can occur in the active manifest and in ingredients. - [Reading CAWG identity assertions](/docs/manifest/reading/reading-cawg-id.md): For a video walkthrough of adding a CAWG identity assertion when publishing an image, see Signing an image at publish with a CAWG identity assertion from the Content Credentials Foundations course. - [Reading ingredients](/docs/manifest/reading/reading-ingredients.md): Overview - [Understanding manifests](/docs/manifest/understanding-manifest.md): The concept of a manifest is central to how Content Credentials work. - [Building and writing manifest data](/docs/manifest/writing.md): Use a Builder structure to define and construct manifest data for writing. The Rust library and other language libraries provide methods and objects for working with this structure. - [Writing assertions and actions](/docs/manifest/writing/assertions-actions.md): Overview - [Writing ingredients](/docs/manifest/writing/ingredients.md): Overview ### mobile These projects are still under active development. They may have bugs and missing features: Bug reports and feature requests are welcome in the GitHub repositories. - [Mobile libraries](/docs/mobile.md): These projects are still under active development. They may have bugs and missing features: Bug reports and feature requests are welcome in the GitHub repositories. ### node-landing The old c2pa-node library is still available, but it's deprecated and will no longer be updated or supported. Move to the new c2pa-node-v2 library as soon as possible! - [Node.js library](/docs/node-landing.md): The old c2pa-node library is still available, but it's deprecated and will no longer be updated or supported. Move to the new c2pa-node-v2 library as soon as possible! ### prod-cert This page will be redirected to https://opensource.contentauthenticity.org/docs/signing/prod-cert. - [Redirect](/docs/prod-cert.md): This page will be redirected to https://opensource.contentauthenticity.org/docs/signing/prod-cert. ### roadmap This page is deprecated and may not be up to date. - [Open-source SDK task planning and roadmap](/docs/roadmap.md): This page is deprecated and may not be up to date. ### rust-sdk Tier 1A Tier 1B Tier 2 Latest Version docs.rs codecov - [C2PA Rust library](/docs/rust-sdk.md): Tier 1A Tier 1B Tier 2 Latest Version docs.rs codecov - [Using the CAWG identity assertion](/docs/rust-sdk/docs/cawg-id.md): The CAI Rust library includes an implementation of the Creator Assertions Working Group (CAWG) identity assertion specification. - [Configuring SDK settings](/docs/rust-sdk/docs/context-settings.md): This guide shows you how to configure the C2PA Rust library using the Context API with declarative settings in JSON format. - [Embeddable signing API](/docs/rust-sdk/docs/embeddable-api.md): [!WARNING] - [Intents](/docs/rust-sdk/docs/intents.md): Intents tell the C2PA Builder what kind of manifest you are creating. They enable validation, add required default actions, and help prevent invalid operations. - [Progress and cancellation API](/docs/rust-sdk/docs/progress_callbacks.md): Overview - [Release notes](/docs/rust-sdk/docs/release-notes.md): Refer to the CHANGELOG for detailed changes derived from Git commit history. - [Supported file formats](/docs/rust-sdk/docs/supported-formats.md): The following table summarizes the supported media (asset) file formats. This information is based on what the Rust library supports; other libraries in the SDK support the same formats unless noted otherwise. - [Using the Rust library](/docs/rust-sdk/docs/usage.md): Supported platforms - [Working stores and archives](/docs/rust-sdk/docs/working-stores.md): Many workflows need to pause and resume manifest authoring or reuse previously validated ingredients. Working stores and C2PA archives (or simply archives) provide a standard way to save and restore this state of a Builder. ### signing-manifests This page will be redirected to https://opensource.contentauthenticity.org/docs/manifest/signing-manifests. - [Redirect](/docs/signing-manifests.md): This page will be redirected to https://opensource.contentauthenticity.org/docs/manifest/signing-manifests. ### signing Be sure to read Getting started for some basic background on public-key infrastructure (PKI) technology, certificates, and signing manifests. - [Signing and certificates](/docs/signing.md): Be sure to read Getting started for some basic background on public-key infrastructure (PKI) technology, certificates, and signing manifests. - [Getting a signing certificate](/docs/signing/get-cert.md): Best practices for handling keys and certificates are beyond the scope of this documentation. Always protect your private keys with the highest level of security; for example, never share them through insecure channels such as email. - [Signing with local credentials](/docs/signing/local-signing.md): Overview - [Using a signing certificate in production](/docs/signing/prod-cert.md): Accessing a private key and certificate directly from the local file system is fine during development, but doing so in production is not secure. Instead use one or both of: - [Using test certificates](/docs/signing/test-certs.md): The CAI SDK does not allow you to use a self-signed certificate to sign a manifest. ### tasks At a high level, using the CAI open-source SDK is the same in every language, but how you accomplish each task is specific to the language you're using. - [Working with the SDK](/docs/tasks.md): At a high level, using the CAI open-source SDK is the same in every language, but how you accomplish each task is specific to the language you're using. - [Using working stores and archives](/docs/tasks/archives.md): Working stores and archives provide a standard way to save and restore the state of a Builder: - [Adding and signing a manifest](/docs/tasks/build.md) - [Getting resources from a manifest](/docs/tasks/get-resources.md): Manifest data can include binary resources such as thumbnail and icon images which are referenced by JUMBF URIs in manifest data. - [Using builder intents](/docs/tasks/intents.md): Intents tell the Builder what kind of manifest you are creating. They enable validation, add required default actions, and help prevent invalid operations. - [Reading and verifying manifest data](/docs/tasks/read.md) - [Configuring SDK settings with Context](/docs/tasks/settings.md): Regardless of which language you're working in, you use the Context and Settings classes to control SDK behavior including verification, trust anchors, thumbnails, signing, and more. ### trustmark This repository contains the official, open source implementation of TrustMark watermarking for the Content Authenticity Initiative (CAI) as described in: - [TrustMark](/docs/trustmark.md): This repository contains the official, open source implementation of TrustMark watermarking for the Content Authenticity Initiative (CAI) as described in: - [Using TrustMark with C2PA](/docs/trustmark/c2pa.md): Open standards such as Content Credentials, developed by the Coalition for Content Provenance and Authenticity(C2PA), describe ways to encode information about an image’s history or provenance, such as how and when it was made. This information is usually carried within the image’s metadata. - [TrustMark FAQ](/docs/trustmark/FAQ.md): Frequently asked questions for general users and implementors of the TrustMark image watermarking algorithm described in the official paper and code repository. - [TrustMark JavaScript example](/docs/trustmark/js.md): The js directory contains an example JavaScript implementation of decoding TrustMark watermarks embedded in images. It provides a minimal example of a client-side JavaScript application, would could be applied, for example, to a browser extension. - [Configuring TrustMark](/docs/trustmark/python/CONFIG.md): Overview - [TrustMark — Rust implementation](/docs/trustmark/rust.md): An implementation in Rust of TrustMark watermarking, as described in TrustMark - Universal Watermarking for Arbitrary Resolution Images (arXiv:2311.18297) by Tu Bui, Shruti Agarwal, and John Collomosse . - [TrustMark CLI](/docs/trustmark/rust/crates/trustmark-cli.md): The Rust implementation includes a CLI wrapper for the trustmark crate. ### verify-known-cert-list This page will be redirected to https://opensource.contentauthenticity.org/docs/getting-started/verify-known-cert-list/. - [Redirect](/docs/verify-known-cert-list.md): This page will be redirected to https://opensource.contentauthenticity.org/docs/getting-started/verify-known-cert-list/.