How C2PA Signer handles files, certificates, page content and trust decisions. Designed for local-first provenance and integrity workflows.
Local-first by design
C2PA Signer processes supported media files directly in the local extension environment.
Verification and signing workflows are designed to run locally, without uploading your files to a C2PA Signer backend.
The extension may read selected local files, visible media on the current tab, and signing material that you explicitly import or generate.
Mechanical logic: zero data exfiltration
File handling
When you select or drop a file into the extension, the file is used only for the requested action: verify, inspect, or sign.
C2PA Signer does not use your files for advertising, profiling, training, or unrelated analytics.
Certificates and private keys
C2PA signing requires a certificate and private key. C2PA Signer supports test certificates for development and demo workflows, and may support imported signing material such as .p12 or .pfx files.
Private keys should always be handled carefully. Do not import production signing credentials into environments you do not control.
Test certificates are not public trust
A test certificate is useful for learning, demos and internal validation. It can show how a C2PA signing workflow works, but it does not mean the signature is publicly trusted.
For production trust, organizations should use certificates issued through the C2PA trust ecosystem.
How trust status is displayed
Visual breakdown of C2PA verification results within the extension UI.
Trusted
The media contains valid Content Credentials and the certificate chain is recognized by the configured trust sources.
Signed but untrusted
The media contains a cryptographically valid signature, but the certificate is not recognized as publicly trusted.
Invalid
The media contains C2PA data, but integrity or signature validation failed.
No credentials
No C2PA evidence was detected. This does not mean the content is fake.
Extension permissions
C2PA Signer requests only the permissions needed to provide its core features: file verification, local signing, page media scan, context menu actions, download of signed files, and local settings.
Page Scan File Download Local Storage Context Menu
Permissions are not used for advertising, tracking, profiling, or unrelated browsing history collection.
Limited Use disclosure
The use of information received from extension permissions adheres to applicable store User Data Policy requirements, including Limited Use.
User data is used only to provide and improve the extension's single purpose: local C2PA Content Credentials signing, verification and page media analysis.