Last updated: Jan-17-2025
Introduction
The Coalition for Content Provenance and Authenticity (C2PA) is a collaboration among tech and media companies to combat online misinformation. It aims to establish standards and tools for verifying the authenticity of digital media, such as images and videos, by capturing and preserving information about their creation and editing. The goal is to prevent the spread of deceptive or manipulated content on the internet.
C2PA defines a specification to accomplish this goal. The tooling used to implement C2PA is provided by the Content Authenticity Initiative (CAI), which consists of various SDKs, a command-line tool, and an underlying Rust library. See the GitHub repo.
You can use this online validation tool to see the history of certifications that have been applied to an image.
Scope
C2PA in Cloudinary is currently available only to customers who request it.
It is implemented for images only (specifically, these output formats: avif
, heic
, heif
, jpg
, jpeg
, png
, svg
, tif
, tiff
, and webp
).
Cloudinary authenticates and signs assets on delivery upon request by adding the signature in a new manifest on top of any existing manifests. If the previous signature is invalid, Cloudinary also marks the previous manifest as invalid.
Alterations made by Cloudinary are classified as transcoded or edited. The transcoded actions are defined by a closed whitelist and include: c_fit
, c_mfit
, c_pad
, c_lpad
, c_mpad
, f_*
, q_*
, and c_scale
with a single dimension, w
or h
.
All other actions are classified as edited.
The metadata attached to each asset contains the certificate, a private key, and a timestamp.
Usage
When delivering images that you want to be signed by Cloudinary, include the c2pa
flag, (fl_c2pa
in URLs). For example:
For images that are transcoded but not edited, for example c_scale,w_550/fl_c2pa
, a validation tool would show something similar to the following (view in validation tool):
For images that are edited, whether or not they are also transcoded, for example e_cartoonify/fl_c2pa
, a validation tool would show something similar to the following (view in validation tool):