ISO 27001 certified
Production signing infrastructure audited to ISO 27001 standards. Trusted by Rolling Stone for the Emmy-nominated Ukraine documentation work.
Service
C2PA Signing at scale, on every file
Server-side C2PA credential signing using Truepic-issued certificates. Embed verifiable creator identity, timestamp, geolocation, and edit history into millions of assets per day — and route them through x402 licensing in the same pipeline.
What is C2PA Signing?
Capture C2PA Signing is a managed API that adds C2PA Content Credentials to your media files at any scale. It is ISO 27001 certified, accepts CLI and HTTP requests, and is the only commercial signing service that simultaneously registers each asset on-chain via ERC-7053.
Capabilities
What you get
Hardware-backed certificates
Truepic-issued X.509 certificates rooted in CAI-trusted hardware enclaves. Signatures are independently verifiable by any C2PA-compliant viewer.
High-volume API
Sign millions of files per day. CLI and HTTP interfaces. Async batch mode for back-catalog signing, sync mode for live editorial pipelines.
x402 pipeline integration
Optionally route every signed asset through Capture's x402 licensing layer in the same call — no separate registration step.
Who it's for
Built for these scenarios
Newsroom integration
CMS plugins for Reuters, AP, and proprietary editorial systems. Every published image carries verifiable provenance the moment it leaves the desk.
Generative AI providers
Stamp every AI-generated output with C2PA credentials at inference time. Comply with EU AI Act Article 50 from day one.
Stock and DAM platforms
Add C2PA to your existing back catalogue without re-uploading. Keep your DAM, gain provenance.
Quick start
Get integrated in minutes
# Sign a file via the Capture C2PA CLI
capture sign \
--input photo.jpg \
--identity https://yourdomain.example/about \
--license https://yourdomain.example/terms \
--output photo-signed.jpg
# Verify
c2patool photo-signed.jpg
REST API, Node.js / Python SDKs, and Truepic Lens hardware integrations also available.
Built on open standards
C2PA 2.0 — Coalition for Content Provenance and Authenticity
ISO 27001 — Audited information security
ERC-7053 — Optional on-chain registration
Frequently asked
C2PA Signing questions
What does C2PA Signing actually do?
It cryptographically attaches verifiable provenance metadata — creator identity, timestamp, capture device, geolocation, and a full edit history — to a media file. Any C2PA-compliant viewer (Adobe Photoshop, Microsoft Edge, browsers with the official extension) can independently verify the credentials without contacting Capture.
How is this different from Adobe Content Credentials?
Adobe's tools sign content credentials, but they are limited to the file itself. Metadata can still be stripped when content is re-uploaded or screenshot. Capture C2PA Signing also writes an ERC-7053 record on-chain, so even if metadata is removed, ownership and timeline remain provable. This multi-layer approach is what the EU AI Act draft Code of Practice recommends.
How fast is the signing API?
Sub-100ms median latency on standard image sizes. We benchmark and publish our P99 numbers monthly. Newsroom workloads of 10,000+ files per hour are routine.
Do my files leave my infrastructure?
No. Only the file hash and signing payload travel to our service. The signed credential block is returned to you to embed in the file. The original file content never crosses our boundary.