How Content Credentials work, end to end

This page traces a single image from capture through display, naming every component that touches the credential along the way. The aim is operational: a reader who has finished the page should be able to look at a specific deployment and identify which stages produce credentials, which preserve them, which strip them, and which surface them to humans. The detail is necessary because most failures of Content Credentials in practice are pipeline failures rather than cryptographic ones — the math works; some link in the chain drops the data.

The walk-through assumes a photograph taken on a C2PA-capable camera, edited in Photoshop, published via a wire service, distributed through a major social platform, and viewed in a browser. Each of these stages has well-documented C2PA behavior as of mid-2026, and the variations across alternative paths are noted where they matter.

Stage 1: capture

The pipeline begins when the photographer presses the shutter on a C2PA-capable device. On a Leica M11-P (October 2023), the camera's firmware computes a SHA-256 hash of the captured image data, assembles a small set of capture-time assertions — device make and model, optionally GPS coordinates, optionally identity information bound to the photographer's account — and signs the bundle using a private key stored in a secure element. The result is a manifest embedded as a JUMBF box in the DNG file before it is written to the card.

The Pixel 10 (September 2025) does the equivalent operation against a key protected by the Titan M2 security chip, with a similar capture-assertion set. The Samsung Galaxy S25 (January 2025) uses the Knox secure environment. Sony α-series bodies updated through Imaging Edge from 2024 onward perform the signing on a tethered companion device or in firmware depending on model. Truepic's mobile SDK provides equivalent capture for non-flagship phones. The adoption status page tracks the current device matrix.

Several things can go wrong at capture. The signing key may be compromised in firmware, as in the 2025 Nikon Z6 III incident. The capture-time assertions may include incorrect data (a misset clock, a wrong GPS fix). The image may simply not be signed because the photographer disabled the feature, which is a user-controllable setting in most implementations. None of these are cryptographic failures; they are configuration and trust-root failures.

Stage 2: ingestion

The image transfers from the camera to a computer or cloud workflow. The transfer itself is a non-event for C2PA: the file is copied byte-for-byte and the embedded manifest comes along. The first risk appears at ingestion, where catalog software may re-encode thumbnails, generate previews, or convert formats. A converter unaware of JUMBF will strip the box. A converter aware of it may preserve the box but break the hard binding if any pixel-level operation happens.

Adobe Bridge, Capture One, and the major raw processors have C2PA-aware ingestion paths as of their 2025 releases. The behavior is to preserve the original manifest and, on derivative creation (proxy, preview, export), to either chain a new manifest pointing to the original as an ingredient, or to mark the derivative as having lost the chain. Whether end users see this distinction in the UI varies; the underlying metadata records it.

Stage 3: editing

The editing stage is where C2PA's assertion vocabulary does its most visible work. When a user opens a credentialed image in Photoshop (24.x and later, with Content Credentials enabled), saves a modified version, and exports, Photoshop produces a new manifest that:

• References the source image as an ingredient assertion, including its hash.
• Records the actions performed — color adjustments, crops, generative fills, layer additions — in a c2pa.actions assertion.
• Hashes the new output and binds the manifest to it via a hard binding.
• Optionally records the signer's identity, derived from the user's Adobe account.
• Signs the whole claim with the user's signing certificate.

The chain is now two manifests deep: the camera's, and Photoshop's, with the latter pointing to the former. A validator traversing the chain can reconstruct the edit history. The manifest structure page explains the data layout.

Stage 4: publication

A wire service or publisher exports the edited image for distribution. Modern wire pipelines — AP's Verify pilot, Reuters's C2PA workflow, the Project Origin partners — preserve the chain through this stage and may add a publisher-level manifest indicating editorial approval. The publisher's manifest is signed by a certificate identifying the publishing organization, not the individual photographer, and may include redactions of PII while preserving chain validity.

Publication is also the stage at which most consumer-facing platforms first encounter the file. Some preserve it. Many do not. The platform policies page tracks the current behavior, but the short version is that LinkedIn and TikTok preserve manifests on most upload paths, X strips them by default, Meta varies by surface, and YouTube has no production C2PA path for stills as of mid-2026.

Stage 5: transmission and the stripping problem

When a platform strips the manifest — whether deliberately, to save bytes, or incidentally, as a side effect of re-encoding — the cryptographic chain is broken. The pixels are unchanged perceptually but the JUMBF box is gone and the file's hash no longer matches what was signed. This is where durable Content Credentials intervene.

The publisher, at publication time, registered the manifest with a C2PA-aware registry and embedded a soft-binding fingerprint or watermark in the image. After stripping, the image still carries the soft binding. A consuming application can compute the same fingerprint, query the registry, and retrieve the original manifest. The chain is reconstructed even though the manifest never traveled with the bytes. This mechanism is not universal yet — registry adoption is still patchy — but it is the architectural answer to platform stripping.

Stage 6: verification

A consuming application — a browser extension, a desktop tool, the c2patool CLI — reads the file, locates any JUMBF box, parses the manifest, walks the chain of ingredient references, and validates every signature against the C2PA Trust List. The output is a structured validation report covering each step of the chain.

$ c2patool image.jpg
{
  "active_manifest": "urn:uuid:a1b2c3d4-...",
  "manifests": {
    "urn:uuid:a1b2c3d4-...": {
      "claim_generator": "Adobe Photoshop 25.5",
      "signature_info": {
        "issuer": "Adobe Content Authenticity",
        "cert_serial_number": "01:23:45:...",
        "trusted": true,
        "signed_at": "2026-04-12T18:22:17Z"
      },
      "ingredients": [
        { "title": "DSC_0421.dng",
          "format": "image/x-adobe-dng",
          "validation_status": "valid",
          "active_manifest": "urn:uuid:f0e1d2c3-..." }
      ],
      "assertions": [
        { "label": "c2pa.actions",
          "data": { "actions": [
            { "action": "c2pa.color_adjustments" },
            { "action": "c2pa.cropped" },
            { "action": "c2pa.published" }
          ] } }
      ]
    }
  }
}

The above is illustrative of the c2patool output format; the field names and structure match the actual reference implementation. A successful validation answers two questions: was the chain cryptographically intact, and were all signers trusted. A failure surfaces specific reason codes — missing ingredient, invalid signature, untrusted certificate, hash mismatch.

Stage 7: display

The final stage is the one that ordinary users see. The Content Credentials display surface — the small CR icon, a click-through inspection panel — is what makes the credential a public trust signal rather than a tool for experts. The visual treatment varies by implementation: Adobe's Verify site (verify.contentauthenticity.org) shows a full timeline; Microsoft's Edge has experimented with native badges; the New York Times has piloted inline Content Credentials displays on selected published images.

Where the chain most often breaks

In production, the most common chain breaks are not adversarial. They are operational: a tool in the workflow does not preserve manifests, a screenshot replaces a download, a re-encode for thumbnail generation strips the JUMBF box, a publishing CMS does not surface the C2PA-aware export path. Anyone deploying Content Credentials in earnest spends most of their effort on the plumbing rather than on the cryptography. The cryptography is solved; the integration is not.

Where the field is moving

Two pipeline gaps are the focus of ongoing work in 2026. Live video, especially live broadcast, has no clean C2PA story; the 2.4 spec includes scaffolding but production deployments lag. The other gap is the consumer-facing display layer in browsers. Native C2PA support in Chrome and Edge has been under discussion since 2024 but has not shipped as a default-on feature. Until it does, the typical reader will not see credentials unless they install an extension or visit a publisher that surfaces them inline — meaning the entire pipeline above produces value invisible to most viewers. Closing that last mile is the largest open problem in the practical deployment of Content Credentials.