DocsGetting started
Documentation

Getting started with C2PA Signer

C2PA Signer helps you verify, explain and test-sign C2PA Content Credentials locally. Use these guides to inspect files, scan visible page media, create test certificates and understand trust status.

Local-first note

Verification and signing workflows are designed to run in the browser extension. Selected files and signing identities are not uploaded to a C2PA Signer backend.

Core workflows

Use the extension for file, page and signing checks

01

Verify a local file

Check whether a supported image, PDF or MP4 includes C2PA Content Credentials and open the full report.

  1. Open the C2PA Signer popup.
  2. Keep the Verify tab active.
  3. Drop a JPG, PNG, PDF or MP4 into the local verifier.
  4. Read the status badge and report details.
02

Scan media on a web page

Inspect supported visible media on the current tab and compare C2PA status badges.

  1. Open the page you want to inspect.
  2. Open the extension popup.
  3. Click Analyze this page.
  4. Open reports for media that need review.
03

Create a test certificate

Generate a C2PA-compatible test certificate for demos, development and internal validation.

  1. Switch to the Sign tab.
  2. Choose Generate a test certificate.
  3. Confirm certificate details.
  4. Use it only for test signing workflows.
04

Sign with Content Credentials

Attach C2PA Content Credentials to a supported image using a test certificate or imported signing material.

  1. Select a test certificate or import .p12/.pfx signing material.
  2. Choose the file to sign.
  3. Run the signing workflow.
  4. Download and verify the signed output.

Status logic

Read the four C2PA statuses consistently

Trusted

Valid Content Credentials with a recognized certificate chain.

Signed but untrusted

The signature can be valid while public trust is not recognized.

Invalid

C2PA data exists, but signature or integrity validation failed.

No credentials

No C2PA evidence was detected. This does not mean the content is fake.

Certificates

Understand test certificates and imported signing material

Test certificates

Test certificates are useful for demos, learning and internal validation. They can show how a C2PA signing workflow behaves, but they are not public production trust.

Imported certificates

Imported signing material such as .p12 or .pfx files can support controlled workflows. Private keys should be handled carefully and should not be imported into environments you do not control.

Trust chains

How a trusted result is evaluated

01Manifest signature

The extension checks whether the manifest signature can be verified with the signing certificate.

02Certificate path

The certificate chain is evaluated from the signing certificate toward an issuing authority.

03Recognized trust source

Public trust depends on whether the chain terminates in a recognized C2PA trust source.