What is a C2PA Manifest?
A C2PA manifest is a cryptographically signed data structure embedded within a media file. It's the core data container that carries all provenance information about the content.
Manifest Components
1. Claim
The claim is the central element that ties everything together:
- Claim Generator — Identifies the software that created the manifest
- Title — Human-readable name of the asset
- Format — MIME type of the asset (e.g., image/jpeg)
- Instance ID — Unique identifier for this specific version
2. Assertions
Assertions are individual claims about the content. Common assertion types:
c2pa.actions— Actions performed (created, edited, resized, etc.)c2pa.hash.data— Hash of the asset data for integrity verificationstds.exif— EXIF metadata embedded within C2PAc2pa.thumbnail.claim.jpeg— Thumbnail of the assetstds.schema-org.CreativeWork— Schema.org metadata
3. Digital Signature
The signature provides cryptographic proof:
- Issuer — Certificate authority that issued the signing certificate
- Signing Time — When the manifest was signed
- Algorithm — Cryptographic algorithm used (e.g., ES256, PS256)
- Certificate Chain — X.509 certificate chain for verification
4. Ingredients
Ingredients reference source materials used to create or modify the content:
- Title — Name of the source asset
- Format — MIME type of the ingredient
- Relationship — How this ingredient relates (parentOf, componentOf)
- Hash — Cryptographic hash to verify the ingredient
5. Validation Status
Reports on the integrity of the manifest:
- Success — Signature and data integrity verified
- Failure — Manifest has been tampered with or signature is invalid
- Info — Additional validation notes
Manifest Store
A file can contain multiple manifests in a manifest store, creating a provenance chain. Each edit that preserves C2PA adds a new manifest linked to the previous one through ingredients.