C2PA / Content Credentials
C2PA — the Coalition for Content Provenance and Authenticity — is an open standard for attaching tamper-evident, cryptographically signed provenance information to media. Its consumer-facing form is commonly known as Content Credentials. A C2PA manifest records who created or edited an asset, when, and how.
How C2PA works
A C2PA manifest is a structured set of assertions about an asset — its creator, tools, and edit history — bundled and signed, then embedded in or attached to the file. Viewers that understand C2PA can read the manifest and display the content's credentials. Today these manifests are typically signed with classical cryptography (RSA, ECDSA, or Ed25519).
C2PA and Certivu
Certivu and C2PA are complementary. Certivu signs content with post-quantum ML-DSA signatures and adds resilient watermarking and fingerprint fallbacks, and it can export a C2PA-compatible manifest for any record. That means you get quantum-resistant signatures and resilience while remaining interoperable with the C2PA ecosystem. See the detailed Certivu vs C2PA comparison.
FAQ
What is C2PA?
C2PA (Coalition for Content Provenance and Authenticity) is an open technical standard for attaching tamper-evident provenance information to media. Its consumer-facing form is often called Content Credentials. A C2PA manifest records who created or edited an asset and how, and is cryptographically signed.
What is the difference between C2PA and Content Credentials?
C2PA is the underlying open standard; Content Credentials is the brand and user-facing label for provenance built on C2PA. In practice the terms are often used interchangeably.
Does Certivu support C2PA?
Yes. Certivu can export a C2PA-compatible manifest for any provenance record, so content signed with Certivu's post-quantum signatures can interoperate with C2PA-aware tools and viewers.
Is C2PA post-quantum secure?
Not in current deployments. C2PA manifests are typically signed with classical algorithms such as RSA, ECDSA, or Ed25519. Certivu signs with ML-DSA, the NIST FIPS 204 post-quantum standard, while still offering C2PA export.