Verifying C2PA manifests
After creating MP4 outputs with C2PA manifests, you can verify the manifests using C2PA-compatible tools. These tools can extract and validate the manifest, including checking the digital signature and asset hash.
A properly validated C2PA manifest confirms that:
-
The manifest was signed by the specified certificate
-
The content has not been modified since the manifest was created
-
The actions and assertions in the manifest are intact
For more information about C2PA and available verification tools, see the C2PA website
c2patool example.mp4 --info
A successful validation will show output similar to:
$ c2patool example.mp4 --info Information for example.mp4 Manifest store size = 32000 (0.56% of file size 5705967) Validated One manifest
For more detailed information about the manifest contents, use the --detailed
flag:
c2patool example.mp4 --detailed
The following is an example output from c2patool:
$ c2patool example.mp4 --detailed { "active_manifest": "urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da", "manifests": { "urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da": { "claim": { "dc:title": "example.mp4", "dc:format": "video/mp4", "instanceID": "xmp:iid:190fb451-7dc4-4878-b0d2-512d9b1c5dab", "claim_generator": "mediaconvert/1.0", "claim_generator_info": [ { "name": "MediaConvert", "version": "1.0", "org.cai.c2pa_rs": "0.39.0" } ], "signature": "self#jumbf=/c2pa/urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da/c2pa.signature", "assertions": [ { "url": "self#jumbf=c2pa.assertions/c2pa.actions", "hash": "P2+zrSTu2U5aGo4mNC35EWEM7vjfLho/2tTKmZ+ls+k=" }, { "url": "self#jumbf=c2pa.assertions/c2pa.hash.bmff", "hash": "majeRA6voTIMvHShWBR5Vqg7e4c7dVFsfTbezIzn63o=" } ], "alg": "sha256" }, "assertion_store": { "c2pa.actions": { "actions": [ { "action": "c2pa.opened" }, { "action": "c2pa.transcoded" } ] }, "c2pa.hash.bmff": { "alg": "sha256", "hash": "BHZI6ml1LqBf2xLaKAzYS8uOYwWo5/Wsc30wRYmnr4M=", "name": "jumbf manifest", "exclusions": [ { "data": null, "exact": null, "flags": null, "xpath": "/ftyp", "length": null, "subset": null, "version": null }, { "data": null, "exact": null, "flags": null, "xpath": "/uuid", "length": null, "subset": null, "version": null }, { "data": null, "exact": null, "flags": null, "xpath": "/free", "length": null, "subset": null, "version": null }, { "data": null, "exact": null, "flags": null, "xpath": "/mdat", "length": null, "subset": [ { "length": 8, "offset": 0 } ], "version": null }, { "data": null, "exact": null, "flags": null, "xpath": "/moov", "length": null, "subset": null, "version": null }, { "data": null, "exact": null, "flags": null, "xpath": "/mfra", "length": null, "subset": null, "version": null } ] } }, "signature": { "alg": "es256", "issuer": "Test Organization", "time": "2025-04-11T23:17:33+00:00" } } }, "validation_status": [ { "code": "claimSignature.validated", "url": "self#jumbf=/c2pa/urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da/c2pa.signature", "explanation": "claim signature valid" }, { "code": "assertion.hashedURI.match", "url": "self#jumbf=/c2pa/urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da/c2pa.assertions/c2pa.actions", "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.actions" }, { "code": "assertion.hashedURI.match", "url": "self#jumbf=/c2pa/urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da/c2pa.assertions/c2pa.hash.bmff", "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.hash.bmff" }, { "code": "assertion.bmffHash.match", "url": "self#jumbf=/c2pa/urn:uuid:0b3bd0b6-9783-4adc-9609-fb29fff858da/c2pa.assertions/c2pa.hash.bmff", "explanation": "data hash valid" } ] }