Getting started with C2PA Signer
C2PA Signer helps you verify, explain and test-sign C2PA Content Credentials locally. Use these guides to inspect files, scan visible page media, create test certificates and understand trust status.
Verification and signing workflows are designed to run in the browser extension. Selected files and signing identities are not uploaded to a C2PA Signer backend.
Core workflows
Use the extension for file, page and signing checks
Verify a local file
Check whether a supported image, PDF or MP4 includes C2PA Content Credentials and open the full report.
- Open the C2PA Signer popup.
- Keep the Verify tab active.
- Drop a JPG, PNG, PDF or MP4 into the local verifier.
- Read the status badge and report details.
Scan media on a web page
Inspect supported visible media on the current tab and compare C2PA status badges.
- Open the page you want to inspect.
- Open the extension popup.
- Click Analyze this page.
- Open reports for media that need review.
Create a test certificate
Generate a C2PA-compatible test certificate for demos, development and internal validation.
- Switch to the Sign tab.
- Choose Generate a test certificate.
- Confirm certificate details.
- Use it only for test signing workflows.
Sign with Content Credentials
Attach C2PA Content Credentials to a supported image using a test certificate or imported signing material.
- Select a test certificate or import .p12/.pfx signing material.
- Choose the file to sign.
- Run the signing workflow.
- Download and verify the signed output.
Status logic
Read the four C2PA statuses consistently
Valid Content Credentials with a recognized certificate chain.
The signature can be valid while public trust is not recognized.
C2PA data exists, but signature or integrity validation failed.
No C2PA evidence was detected. This does not mean the content is fake.
Certificates
Understand test certificates and imported signing material
Test certificates
Test certificates are useful for demos, learning and internal validation. They can show how a C2PA signing workflow behaves, but they are not public production trust.
Imported certificates
Imported signing material such as .p12 or .pfx files can support controlled workflows. Private keys should be handled carefully and should not be imported into environments you do not control.
Trust chains
How a trusted result is evaluated
The extension checks whether the manifest signature can be verified with the signing certificate.
The certificate chain is evaluated from the signing certificate toward an issuing authority.
Public trust depends on whether the chain terminates in a recognized C2PA trust source.