Cat-2 · T550 · Compliance & Consent
v1.1

C2PA Manifest Composer

Author a C2PA manifest DEFINITION in your browser: actions assertions (c2pa.actions v2, including a digitalSourceType picker), ingredient declarations with client-side SHA-256 digests, a creative-work/EXIF-subset assertion, and a draft CAWG identity block. Exports the definition JSON, its digest, and an OCG authoring receipt.

This tool composes and structurally validates manifest DEFINITIONS. It does not sign. Trusted C2PA signing requires a conformance-program-passed product holding a Trust List claim-signing certificate - this tool is not that, and no browser-held key ever could be. Nothing exported here should be presented as a signed or trusted C2PA manifest. Sign the exported definition yourself with your own certificate and tooling (e.g. c2patool).
C2PA Compose, Not Sign Zero PII Client-Side
Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data - use synthetic or anonymised inputs only. This composer produces a manifest DEFINITION, not a signed or embedded C2PA manifest, and makes no Trust List validation claims. Ingredient digests are whole-file SHA-256 hashes computed locally, not byte-exclusion-range hashes from a full C2PA embedder. Deterministic logic · no inference · zero PII · CC BY 4.0.
Claimclaim_generator · format · instanceID
Actions (c2pa.actions.v2)
One row per action performed to produce this asset. digitalSourceType uses the IPTC/C2PA vocabulary, including trainedAlgorithmicMedia.
Ingredientsdrag a file to compute its SHA-256 digest client-side
Drag a file here, or - never uploaded, hashed in-browser only
The first ingredient with "use as hard binding" checked populates this manifest's c2pa.hash.data assertion below.
Creative Work & EXIF Subsetstds.schema-org.CreativeWork + stds.exif (no location fields - zero PII)
CAWG Identity Assertion DRAFT
Representative CAWG Identity Assertion v1.3 shape. Unsigned, unverified - a draft structure only, not a validated encoding of the CAWG spec and not a verified identity claim.
Signing (Declared Intent Only)
This composer never holds or uses a signing key. Declaring an intended algorithm here only records which algorithm you plan to sign with later, external to this tool - it does not create a signature.
Export for Signing · c2patool Bridge
This tool never signs. Compose above, then export a c2patool-compatible manifest-definition file and sign it yourself with your own certificate and tooling. The OCG receipt binds this definition's digest to whatever you sign later as an asserted correspondence - we cannot observe your signing act, so the receipt never claims one happened.
c2patool <your-asset-file> -m c2patool-manifest-definition.json -o <signed-output-file> # c2patool reads signing credentials from its own config/trust settings (see # https://opensource.contentauthenticity.org/docs/c2patool/x_509 ) - this # exported file carries no certificate or private key, by design. # Ingredient hashes above are whole-file sha256 of the bytes you dropped here; # c2patool recomputes ingredient hashes from the actual file at sign time, so # use the byte-identical file or the signed manifest will not match.
Format compatibility: mapped from this composer's internal definition to the field names c2patool's manifest JSON documents (claim_generator, title, format, instanceId, assertions[]). The draft CAWG identity block is intentionally omitted from this export - it is a representative shape only, not a validated encoding, and is not part of c2patool's documented schema. Verification status: this environment is zero-dependency/zero-egress and cannot install or run c2patool, so acceptance is documented as a reproducible manual proof rather than a live CI check - see the checked-off row for the exact recipe.