AI & Provenance

C2PA Content Credentials, explained without the marketing

Adobe, Microsoft, and OpenAI are pushing a new image-signing standard. Here's what it actually does, what it doesn't do, and what it means for your photos.

  • C2PA
  • AI
  • provenance

If you've edited a photo in Photoshop recently, exported from Adobe Firefly, or downloaded an image from OpenAI's DALL·E, there's a decent chance the file is carrying a C2PA manifest — a cryptographically signed receipt describing how it was made.

This is the standard everyone in the "is this AI?" conversation has been building toward. Worth understanding regardless of which side of that conversation you're on.

What it is

C2PA stands for the Coalition for Content Provenance and Authenticity. It's a consortium pushing a single open standard for embedding "how was this made?" information into image, video, and audio files.

When a tool that supports C2PA writes an image, it can attach a manifest that says things like:

  • Captured by an iPhone 15 Pro on 2026-04-12
  • Cropped in Photoshop 25
  • AI-generated by Firefly using the prompt "..."
  • Composited with elements from these three other images (each one linked)

Then it signs the whole thing with a cryptographic key tied to a verifiable certificate. If a viewer tool wants to check "did this really come from where it says it did?", it can verify the signature against a trust list.

What's actually in a C2PA manifest

Three things, roughly:

  1. Claims — structured data about the image (when, where, by whom, with what tool)
  2. Assertions — specific facts you can point at: "this was captured by a camera," "this was AI-generated," "the creator has marked this as do-not-train"
  3. A signature — proving the manifest was issued by a real organization with a real certificate

The container these live in is called JUMBF (JPEG Universal Metadata Box Format, a nested box structure defined for JPEG but embeddable in other file types) and the inner data is encoded as CBOR (a compact binary encoding with JSON-like data types). It's all standardized; anyone can parse it with the right tools.
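To make the container concrete, here is an added Python example (mine, not CleanImages' code and not from the C2PA project or Adobe's library) that builds a small manifest store out of JUMBF boxes with CBOR and JSON content, then walks it back into a tree and pulls out the assertions. The box type UUIDs follow the C2PA and JUMBF specs as I recall them; the manifest label, the zeroed assertion hashes and the empty signature box are constructed placeholders, so this is not a real or signed manifest.

```python
import json
import struct

# JUMBF type UUIDs share one suffix; the first four bytes spell an ASCII tag such as
# "c2pa" or "cbor". Values follow the C2PA and JUMBF specs as I recall them.
SUFFIX = "00110010800000aa00389b71"
C2PA, C2MA, C2AS, C2CL, C2CS, CBOR, JSON = (
    t.encode().hex() + SUFFIX for t in ("c2pa", "c2ma", "c2as", "c2cl", "c2cs", "cbor", "json"))

def cbor_encode(v):
    """Minimal CBOR (RFC 8949) encoder: int, str, bytes, list, dict."""
    def head(major, n):
        if n < 24:
            return bytes([major << 5 | n])
        for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
            if n < 1 << (8 * struct.calcsize(fmt)):
                return bytes([major << 5 | ai]) + struct.pack(fmt, n)
        raise ValueError("integer too large")
    if isinstance(v, int):
        return head(0, v) if v >= 0 else head(1, -1 - v)
    if isinstance(v, (bytes, str)):
        raw = v if isinstance(v, bytes) else v.encode()
        return head(2 if isinstance(v, bytes) else 3, len(raw)) + raw
    if isinstance(v, list):
        return head(4, len(v)) + b"".join(map(cbor_encode, v))
    if isinstance(v, dict):
        return head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(type(v).__name__)

def cbor_decode(buf, pos=0):
    """Decode one definite-length CBOR item (no floats or tags); returns (value, next_pos)."""
    major, ai, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if ai >= 28: raise ValueError("indefinite-length items not supported")
    size = 1 << (ai - 24) if ai >= 24 else 0  # ai 24..27: a 1/2/4/8-byte argument follows
    n = int.from_bytes(buf[pos:pos + size], "big") if size else ai
    pos += size
    if major in (0, 1):
        return (n if major == 0 else -1 - n), pos
    if major in (2, 3):
        raw = bytes(buf[pos:pos + n])
        return (raw if major == 2 else raw.decode()), pos + n
    if major in (4, 5):
        items = []
        for _ in range(n * (2 if major == 5 else 1)):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return (dict(zip(items[::2], items[1::2])) if major == 5 else items), pos
    raise ValueError("unsupported CBOR major type %d" % major)

def box(tbox, payload):  # one JUMBF box: uint32 big-endian length (header included), 4-char type, payload
    return struct.pack(">I4s", 8 + len(payload), tbox) + payload

def superbox(type_uuid, label, *children):
    """'jumb' superbox: a 'jumd' description (type UUID, toggles 0x03 = requestable + labelled, NUL-terminated label), then content boxes."""
    desc = box(b"jumd", bytes.fromhex(type_uuid) + b"\x03" + label.encode() + b"\x00")
    return box(b"jumb", desc + b"".join(children))

def iter_boxes(buf):
    pos = 0
    while pos < len(buf):
        lbox, tbox = struct.unpack_from(">I4s", buf, pos)
        if lbox < 8:  # 0 = "to end of file", 1 = 64-bit XLBox follows; not handled here
            raise ValueError("unsupported LBox %d" % lbox)
        yield tbox, buf[pos + 8:pos + lbox]
        pos += lbox

def parse_boxes(buf):
    """Walk a JUMBF box sequence into nested dicts, decoding cbor/json content boxes."""
    out = []
    for tbox, payload in iter_boxes(buf):
        if tbox == b"jumb":
            dtype, desc = next(iter_boxes(payload))  # the description box comes first
            if dtype != b"jumd":
                raise ValueError("superbox must start with a 'jumd' box")
            label = desc[17:desc.index(b"\x00", 17)].decode() if desc[16] & 0x02 else None
            out.append({"label": label, "type": desc[:4].decode("ascii", "replace"),
                        "children": parse_boxes(payload[8 + len(desc):])})
        elif tbox in (b"cbor", b"json"):
            out.append({tbox.decode(): cbor_decode(payload)[0] if tbox == b"cbor" else json.loads(payload)})
        else:  # anything else (e.g. binary data boxes) is kept opaque rather than dropped
            out.append({"box": tbox.decode("latin-1"), "size": len(payload)})
    return out

def build_sample_store():
    """CONSTRUCTED store: one manifest with two assertions, a claim and a placeholder signature."""
    actions = cbor_encode({"actions": [{"action": "c2pa.created", "softwareAgent": "ExampleGen/1.0",
        "digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia"}]})
    exif = json.dumps({"exif:Make": "ExampleCam", "exif:GPSLatitude": "51,30.5N", "exif:GPSLongitude": "0,7.6W"})
    claim = cbor_encode({"dc:title": "sample.jpg", "claim_generator": "ExampleGen/1.0", "assertions": [
        {"url": "self#jumbf=c2pa.assertions/c2pa.actions", "hash": b"\x00" * 32},  # zeroed hashes are
        {"url": "self#jumbf=c2pa.assertions/stds.exif", "hash": b"\x00" * 32}]})   # placeholders
    return superbox(C2PA, "c2pa", superbox(C2MA, "urn:uuid:00000000-0000-4000-8000-000000000001",  # constructed
        superbox(C2AS, "c2pa.assertions", superbox(CBOR, "c2pa.actions", box(b"cbor", actions)),
                 superbox(JSON, "stds.exif", box(b"json", exif.encode()))),
        superbox(C2CL, "c2pa.claim", box(b"cbor", claim)),
        superbox(C2CS, "c2pa.signature", box(b"cbor", b"\xa0"))))  # {} stands in for the COSE_Sign1

def assertions(store_bytes):
    """Full parse: decoded content of every assertion in the active (last) manifest."""
    manifest = parse_boxes(store_bytes)[0]["children"][-1]
    store = next(n for n in manifest["children"] if n.get("label") == "c2pa.assertions")
    return {a["label"]: a["children"][0] for a in store["children"]}
```

Calling `assertions(build_sample_store())` returns the decoded `c2pa.actions` map (with its `digitalSourceType` marking the image as AI-generated) and the `stds.exif` JSON-LD, GPS included; that second item is the EXIF copy inside the signed manifest that the later "deeper analysis" section talks about. Note what this walker does not do: it reads the `c2pa.signature` box but never checks it, so it tells you what the manifest claims, not whether the claim is genuine.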

What it does well

  • Authenticity for journalism. A photo published by Reuters with a valid C2PA manifest can be verified end-to-end: "this came from a Sony camera at this time, was edited in Photoshop with these specific operations, and signed by Reuters." A bad actor can't forge that chain without the signers' private keys.
  • AI labeling. When Firefly or DALL·E embed a manifest saying "this is AI-generated," there's a clear answer for anyone who wants to check.
  • Provenance chains. If an image was built from three source photos, the manifest can link to all three (each with their own manifest). You can walk the chain back to originals.

What it doesn't do

  • It doesn't survive screenshotting. Take a screenshot of any C2PA image and the manifest is gone. The pixels are the only thing left.
  • It doesn't survive most re-encoding. Save the image with a tool that doesn't preserve metadata? Manifest is gone.
  • It doesn't prove "this is real." It proves "this was issued by X at time Y." If X is lying, the manifest doesn't help.
  • It's not universal. Most cameras don't support it. Most social platforms strip it. Most viewers don't verify it.

The privacy angle (this is why CleanImages cares)

A C2PA manifest can be useful — but it's also a payload of data attached to your image. Camera C2PA manifests can include:

  • The camera's serial number
  • A GPS pin
  • The full edit history
  • Embedded thumbnails (which often have their own EXIF)

If you're a journalist publishing under your own name, that's a feature. If you're sharing a photo without wanting to advertise which exact device took it, the manifest is just another layer to think about.

The honest tradeoff

When you strip a C2PA manifest, you're removing the authenticity proof along with the metadata. That's a real tradeoff:

  • Keep it if you want viewers to be able to verify how the image was made
  • Strip it if you want privacy and don't need others to verify provenance

CleanImages defaults to stripping (it's a privacy tool) but flags clearly when it's about to remove one, with a "heads up: you're removing the authenticity signature" note. There's no right answer — it depends on what you're sharing and why.

What "deeper analysis" means

Anyone (us included) can read enough of a C2PA manifest to tell you "this was signed by Adobe Firefly, claims AI generation, do-not-train set." That's the lite parse — string-scan the manifest for known fields.

A full parse decodes the CBOR structure, walks the ingredient chain, and surfaces any EXIF embedded inside the signed claim (which is easy to miss — stripping the regular EXIF block doesn't catch it). That's a meaningfully different thing and requires more tooling.
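To show where that second copy of the EXIF actually sits in the file, here is an added Python example (mine, not CleanImages' code). It walks a JPEG's marker segments, performs the usual "drop the APP1 Exif segment" step, and then shows that the C2PA manifest, which lives in APP11 segments tagged with the "JP" identifier, is still present, GPS string and all. `lite_scan` is the string-scan described above, run over that surviving payload. The JPEG bytes and the JUMBF payload inside them are constructed stand-ins (the payload is not a well-formed box tree, only the label strings a real one carries), and the APP11 layout follows the C2PA embedding rules as I understand them.

```python
import struct

SOI, EOI, SOS, APP1, APP11 = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFE1, 0xFFEB

def iter_segments(jpeg):
    """Yield (marker, payload) for every marker segment before SOS, then ("scan", tail)
    for the SOS header, entropy-coded data and EOI, which are passed through untouched."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (no SOI)")
    pos = 2
    while pos < len(jpeg):
        (marker,) = struct.unpack_from(">H", jpeg, pos)
        if marker == SOS:
            yield "scan", jpeg[pos:]
            return
        if marker == EOI or (marker & 0xFF00) != 0xFF00:
            raise ValueError("unexpected marker 0x%04X at offset %d" % (marker, pos))
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)  # counts itself, not the marker
        yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def assemble(segments):
    """Inverse of iter_segments: rebuild the file from (marker, payload) pairs."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in segments:
        out += payload if marker == "scan" else struct.pack(">HH", marker, len(payload) + 2) + payload
    return bytes(out)

def strip_exif(jpeg):
    """What a typical 'remove EXIF' step does: drop APP1 segments that carry the Exif header."""
    return assemble((m, p) for m, p in iter_segments(jpeg)
                    if not (m == APP1 and p.startswith(b"Exif\x00\x00")))

def c2pa_payload(jpeg):
    """Return the JUMBF bytes from the APP11 segment carrying the manifest store, or None.
    Segment layout: CI = b"JP", En = box instance (uint16), Z = packet sequence (uint32), box data.
    Stores larger than one segment are split across several with the same En and increasing Z;
    reassembling those is not shown here."""
    chunks = [p[8:] for m, p in iter_segments(jpeg) if m == APP11 and p[:2] == b"JP"]
    if len(chunks) > 1:
        raise NotImplementedError("multi-segment manifest store")
    return chunks[0] if chunks else None

def lite_scan(payload, labels=(b"c2pa.actions", b"stds.exif", b"c2pa.training-mining", b"GPSLatitude")):
    """The 'lite parse': look for well-known label strings without decoding the box structure."""
    return [] if payload is None else [l.decode() for l in labels if l in payload]

def build_sample_jpeg():
    """CONSTRUCTED minimal JPEG: SOI, APP1 Exif, APP11 C2PA, SOS + data, EOI. Not a decodable image."""
    exif = b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08" + b"<TIFF IFD placeholder>"
    # Stand-in for a JUMBF manifest store. Real bytes would be the full box tree, but the
    # assertion labels and the JSON-LD EXIF sit in it as plain strings, which is what lite_scan finds.
    jumbf = (b"\x00\x00\x00\x00jumbjumdc2pa\x00" + b"c2pa.actions\x00" + b"stds.exif\x00"
             + b'{"exif:GPSLatitude":"51,30.5N","exif:Make":"ExampleCam"}')
    app11 = b"JP" + struct.pack(">HI", 1, 0) + jumbf
    scan = b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34" + b"\xff\xd9"
    return assemble([(APP1, exif), (APP11, app11), ("scan", scan)])
```

`strip_exif` keeps the APP11 segment on purpose so the point is visible: after it runs, `lite_scan(c2pa_payload(...))` still reports `stds.exif` and `GPSLatitude`. A privacy-default tool of the kind described in this post would drop that segment too, and the authenticity signature goes with it, which is exactly the tradeoff the previous sections describe.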

A full verification validates the cryptographic signature against trusted root certificates and gives you a "valid · issued by Adobe Trust Services" verdict. That's the official path; Adobe ships an open-source library for it.

CleanImages does the lite parse today, gates the full parse for authed users, and leaves full verification for whoever wants to build a verifier (we're a privacy tool, not an authenticity verifier).

TL;DR

C2PA is a useful standard for proving "how was this made" when you need that. It's also one more piece of metadata attached to your image when you don't. Knowing what's in it lets you make an informed call either way.