Original Pictures
The internal structure of a C2PA manifest

What is a C2PA Manifest? Structure, Assertions, and Verification

Definition: A C2PA manifest is a structured bundle of cryptographic assertions, creator identity, edit history, asset hash, and timestamp, signed by an X.509 certificate and bound to a media file.

TL;DR: A manifest is small, typically 2 to 15 KB for an image. It holds assertions, a claim with a SHA-256 hash, a claim signature, and an RFC 3161 timestamp. Verifying it is three steps: check the signature, check the hash, check the timestamp.

The four parts of a manifest

Assertions are the statements: c2pa.created, c2pa.actions, c2pa.ingredient, c2pa.thumbnail.claim. The claim binds those assertions to a SHA-256 hash of the asset bytes. The claim signature is an X.509 signature over the claim. The timestamp, RFC 3161 with the sigTst2 v2 attribute, fixes the signing moment so the signature outlives certificate expiry. Together they are tamper-evident: alter any one and the seal breaks.

How big is it and where does it live?

For a typical image a manifest runs 2 to 15 KB, embedded in the file or stored as a sidecar with a soft-binding pointer back. Video and audio manifests grow with the number of declared actions and ingredients but stay small relative to the media. The current published format is C2PA v2.2, with v2.3 tightening signing requirements.

Verifying in three steps

Recompute the asset hash and compare it to the claim, that is the hard binding. Validate the claim signature against the certificate chain. Validate the RFC 3161 timestamp. The open verifier does all three offline, and adds watermark and OpenTimestamps checks when those layers are present.

The incident behind this

Nikon Z6 III, September 2025: the manifest structure was valid and the signatures verified, but a multiple-exposure overlay let AI frames be signed. The lesson is that a well-formed manifest does not vouch for the capture pipeline behind it.

Implementation

{
  "claim_generator": "OriginalPictures/1.0",
  "assertions": [
    {
      "label": "c2pa.created",
      "data": {
        "actions": [
          { "action": "c2pa.ai_generated", "softwareAgent": "sdxl-1.0" }
        ]
      }
    },
    { "label": "cawg.identity", "data": { "affiliation": "Acme Corp" } }
  ],
  "signature": "<X.509 COSE>",
  "timestamp": "2026-05-20T14:32:11Z (sigTst2 v2)",
  "hash": "sha256:9f86d081..."
}

FAQ

Can a manifest be edited after signing?

Not without breaking the signature. Any change to the assertions or the hashed bytes invalidates the claim signature, which is what makes the manifest tamper-evident.

Where Original Pictures stands today

Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.

Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.

Bottom line: A C2PA manifest is a small, signed bundle of provenance facts. Verify the hash, the signature, and the timestamp, and you know whether the file is unchanged and who declared what.

Related


Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.

Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.

Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.