Skip to content

Fix links to CAs and some other small edits #172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 29, 2024
Merged

Fix links to CAs and some other small edits #172

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
62fbd3e
Fix links to CAs and some other small edits
crandmck Oct 29, 2024
399a1d4
Change admonition style
crandmck Oct 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 11 additions & 10 deletions docs/getting-started.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,23 +96,20 @@ To create or modify Content Credentials, you must have a valid security certific

You must purchase a X.509 v3 security certificate from a certificate authority (CA). There are many CAs that issue certificates. Some of the most popular ones are:

- Comodo SSL [https://ssl.comodoca.com/](https://ssl.comodoca.com/)
- Digicert [https://www.digicert.com/tls-ssl/compare-certificates](https://www.digicert.com/tls-ssl/compare-certificates)
- Entrust [https://www.entrust.com/resources/certificate-solutions](https://www.entrust.com/resources/certificate-solutions)
- GeoTrust [https://www.thesslstore.com/geotrust.aspx](https://www.thesslstore.com/geotrust.aspx)
- GlobalSign [https://shop.globalsign.com/en/ssl](https://shop.globalsign.com/en/ssl)
- GlobalSign: [S/MIME email signing](https://shop.globalsign.com/en/secure-email), [document signing](https://shop.globalsign.com/en/document-signing)
- IdenTrust: [S/MIME email signing](https://www.identrust.com/digital-certificates/secure-email-smime), [document signing](https://www.identrust.com/digital-certificates/document-signing)
- Comodo Cybersecurity: [S/MIME email signing cert](https://ssl.comodoca.com/s-mime), [document signing cert](https://ssl.comodoca.com/document-signing-certificates)
- Digicert: [S/MIME email signing cert](https://www.digicert.com/tls-ssl/secure-email-smime-certificates), [document signing cert](https://www.digicert.com/signing/document-signing-certificates)

:::note
The above list is for reference only; inclusion does not imply endorsement by CAI or Adobe, Inc.
:::note

When you purchase a certificate, you must select at least one of the extended key usage (EKU) fields that specify what the certificate can be used for: **email protection** and **document signing**. Applications that use the CAI SDK won't accept the certificate unless it has one of these EKUs.

### Extracting the certificate

To work with the certificate, you need to extract it. When the CAI SDK adds Content Credentials to an asset, it incorporates the certificate (including the associated public key) into the manifest.

:::danger
:::info Important
The _private key_ associated with the certificate is extremely sensitive. Always treat it with the highest security to ensure your credentials are not compromised. If someone does obtain your private key, they will be able to sign C2PA manifests and other content on your behalf without your consent.
:::

Expand Down Expand Up @@ -142,11 +139,15 @@ Identity can be bolstered with other kinds of evidence such as _Adobe connected

In addition to simply adding a name and organization, Adobe tools can use the [Connected Accounts service](https://connected-accounts.adobe.com/) to connect social media accounts such as Behance, Instagram, or Twitter to an identity in a manifest. This service uses OAuth, so a user must be able to log in to the account to connect it.

:::info
The [Creator Assertions Working Group (CAWG)](https://creator-assertions.github.io/) is developing a technical specification for an identity assertion for use in the C2PA ecosystem. CAI expects to adopt and implement this specification in the SDK at some point in the future.
:::

## How to use the SDK

The CAI open-source SDK consist of:

- **The C2PA Tool**, a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does.
- **C2PA Tool**, a command-line tool for working with manifests and media. This tool is a wrapper around the Rust SDK and provides most of the same capabilities that it does.
- **Language-specific libraries** in C/C++, Python, Node.js and client JavaScript. NOTE: The C/C++, Python, Node.js libraries are prerelease versions whose APIs are subject to change.
- **The Rust library** enables a desktop, mobile, or embedded application to create and sign manifests, embed manifests in certain file formats, and parse and validate manifests.

Expand Down Expand Up @@ -187,7 +188,7 @@ A website can serve web pages that use the JavaScript library to display manifes

A server-side web application can create, modify, and sign claims (and view them) by:

- Executing a shell command to invoke C2PA Tool. For an example, see the [c2patool Node.js service example](c2pa-service-example).
- Executing a shell command to invoke C2PA Tool. For an example, see the [c2patool Node.js service example](c2pa-service-example). While this approach works, it is not highly scalable.
- Use the prerelease [Node.js](c2pa-node), [Python](c2pa-python), or [C++/C](c2pa-c) libraries.
- Bind to the Rust library and use it, similarly to native applications.

Expand Down
Loading