diff --git a/docs/getting-started.mdx b/docs/getting-started.mdx index 54aaadc4..bbe99d6e 100644 --- a/docs/getting-started.mdx +++ b/docs/getting-started.mdx @@ -84,10 +84,10 @@ In practice, to use a certificate with the CAI SDK, follow this process: 1. Purchase security credentials (certificate and key) from a certificate authority. Either email protection or document signing certificates are valid. 2. Extract the certificate by using a tool such as OpenSSL. You could also host the certificate in a secure environment like a hardware security module (HSM). -3. Use one of the supporting CAI libraries or C2PA Tool to sign manifests using the certificate. +3. Use one of the supporting CAI libraries or C2PA Tool to sign manifests using the certificate. :::tip -For more details and a short tutorial example, see [Signing manifests](manifest/signing-manifests.md). +For a short tutorial example, see [Signing manifests](manifest/signing-manifests.md). For more information on how to get and use a signing certificate in production, see [Getting and using a signing certificate](prod-cert.mdx). ::: ### Getting a security certificate 
@@ -159,25 +159,17 @@ The following diagram provides a high-level view of how to use the open-source C Applications can use the CAI SDK in several different ways: - Web pages can use the JavaScript library to display Content Credentials. -- Applications written in C++, Python, or Node.js can call C2PA Tool directly or use the APIs of the corresponding language libraries to: +- Applications can "shell out" to call C2PA Tool directly. +- Applications written in C++, Python, or Node.js can use the APIs of the corresponding language libraries to: - Create, modify, and sign manifests. - Embed manifests into media files. - Parse and validate manifests. Similarly, applications written in many programming languages can use the Rust Foreign Function Interface to call the Rust API and perform those same functions. - - ### Native desktop or mobile applications -Applications written in C++, Python, or Node.js can call C2PA Tool directly or use the corresponding language library APIs. CAI has prerelease versions of C++/C, Python, and Node.js libraries. As prerelease versions, these APIs are subject to change. +Applications written in C++, Python, or Node.js can use the corresponding prerelease library APIs. Applications written in any language call C2PA Tool directly, though doing so is not highly scalable. Alternatively, native applications can use Rust's _Foreign Function Interface_ (FFI) to call functions in the Rust library. The FFI enables interoperability between Rust and code written in other languages. diff --git a/docs/manifest/understanding.md b/docs/manifest/understanding.md index fa0d8982..4202b445 100644 --- a/docs/manifest/understanding.md +++ b/docs/manifest/understanding.md 
@@ -43,7 +43,7 @@ Manifests without time-stamps cease to be valid when the signing credential expi An RFC 3161 time-stamp enables you to prove the existence of a particular piece of data at a particular time. Think of it as a notary service for data. You present a piece of data (in this case, the C2PA claim data structure) and the third-party TSA verifies that it saw that data at a time that can be audited and is independently verifiable. -The time-stamp is typically defined as part of the signing information. You can set this via the c2patool `ta_url` field or by using the API. The time-stamp then appears in the `SignatureInfo` JSON object when reading the manifest store. +The time-stamp is typically defined as part of the signing information. You can set this by using C2PA Tool in the `ta_url` field or by using the SDK. The time-stamp then appears in the `SignatureInfo` JSON object when reading the manifest store. ## References
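Review bot: In docs/getting-started.mdx, hunk at line 84, the tip's new link `[Getting and using a signing certificate](prod-cert.mdx)` points at a file this patch neither adds nor touches, so please confirm that `prod-cert.mdx` already exists next to getting-started.mdx or the link will be broken. Step 3 is also removed and re-added with the same visible text, which looks like a whitespace-only change; drop it from the patch or mention it in the commit message.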
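Review bot: In docs/getting-started.mdx, hunk at line 159, the added sentence "Applications written in any language call C2PA Tool directly, though doing so is not highly scalable." is missing "can" before "call" and gives no reason for the scalability caveat. Suggest "Applications written in any language can call C2PA Tool directly" followed by a short statement of why this does not scale. The new bullet `Applications can "shell out" to call C2PA Tool directly.` presents the same option without that caveat and in a more informal wording than the paragraph below it; use one phrasing in both places and carry the caveat into the bullet or link the bullet to the paragraph.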
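Review bot: In docs/manifest/understanding.md, hunk at line 43, the new wording "by using C2PA Tool in the `ta_url` field" reads as though the tool runs inside the field. Suggest "by setting the `ta_url` field when using C2PA Tool, or by using the SDK". Changing "the API" to "the SDK" also makes the second option less specific, so a link to the SDK documentation that covers setting the time-stamp authority URL would help readers find it.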