Inspecting and Signing Work

The most widely available tool for reading and writing C2PA manifests is c2patool, maintained as part of the reference implementation. It runs from the command line and works on the major supported formats.

To inspect a file:

c2patool image.jpg

The output shows whether a manifest is present and summarizes its assertions. Adding --output json produces structured data that can be parsed by other programs. For bulk checks, a short shell loop or Python script that calls the tool on each file is sufficient.
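A bulk check along the lines described above, as an added example (not code from the original page or from the c2patool project). It assumes the command in TOOL prints a JSON report on stdout, exits non-zero when it cannot produce one, and that the report uses the active_manifest and validation_status fields; adjust TOOL and those names to match the output of your version.

```python
import json
import subprocess
import sys
from pathlib import Path

TOOL = ("c2patool",)  # assumption: prints a JSON report on stdout
IMAGE_SUFFIXES = {".jpg", ".jpeg", ".png"}


def classify(returncode, stdout):
    """Map one tool run to valid / invalid / no-manifest / no-report / error."""
    if returncode != 0:
        # Assumption: non-zero exit = no report (no manifest, or tool failure).
        return "no-report"
    try:
        report = json.loads(stdout)
    except json.JSONDecodeError:
        return "error"
    if not isinstance(report, dict) or not report.get("active_manifest"):
        return "no-manifest"
    # Assumption: validation failures are listed under 'validation_status'.
    # "valid" covers signature and integrity only, not the truth of the claims.
    return "invalid" if report.get("validation_status") else "valid"


def run_tool(path):
    """Run the tool on one file and return (returncode, stdout)."""
    # Resolve to an absolute path so a file name starting with '-' is
    # never parsed as a command-line option.
    target = str(Path(path).resolve())
    proc = subprocess.run([*TOOL, target], capture_output=True,
                          text=True, timeout=60)
    return proc.returncode, proc.stdout


def scan(paths, run=run_tool):
    """Return {path: status}; a missing tool or a timeout becomes 'error'."""
    results = {}
    for path in paths:
        try:
            results[str(path)] = classify(*run(path))
        except (OSError, subprocess.TimeoutExpired):
            results[str(path)] = "error"
    return results


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    files = sorted(p for p in root.rglob("*") if p.suffix.lower() in IMAGE_SUFFIXES)
    for name, status in scan(files).items():
        print(f"{status:12} {name}")
```

Run it with a directory as the only argument; each image under that directory is listed with its status.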

Writing a manifest requires a manifest definition and a signing key. A minimal definition might declare a creation action and some basic metadata. The tool then signs the definition against the file and embeds the result.

c2patool input.jpg \
  --manifest manifest.json \
  --signer-file key.pem \
  --output output.jpg

The manifest definition itself is a JSON document. It can contain an actions assertion, a metadata assertion, or both. The signer controls the content of these assertions.

Several practical limits appear immediately. The tool cannot force a manifest to survive every subsequent edit. Many common image editors and export paths will drop or invalidate the C2PA data. Keys must be managed by the signer; there is no built-in recovery if the private material is lost. And the claims inside the manifest remain claims. Verification confirms the signature and the integrity of the signed data, not the truth of the statements about artistic origin.

Bulk signing is straightforward to script once the manifest definition is stable. The difficulty lies elsewhere: deciding what the definition should actually say when the goal is to protect the standing of a particular piece of work rather than to satisfy an automated pipeline.

CC BY 4.0 — Translations and contributions for other languages are welcome.