Skip to content

Replace Verify with ACA Inspect #270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
crandmck merged 5 commits into from
Dec 16, 2025
Merged

Replace Verify with ACA Inspect #270

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a2ba216
Replace Verify with ACA Inspect
crandmck Dec 5, 2025
1ab2547
Add md cell component, edit inspect info
crandmck Dec 15, 2025
7ea48d3
Add screenshot of actions
crandmck Dec 16, 2025
3e9bea9
Fix layout of actions image, Andy comment
crandmck Dec 16, 2025
1ed186e
Make name consistent with HelpX, some other small edits
crandmck Dec 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/community.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Participants are required to follow the [Adobe Code of Conduct](https://github.c

### Verify

The code for the [C2PA Verify website](https://verify.contentauthenticity.org/) is open source. For general information on using it, see [Using the Verify tool](getting-started/verify.mdx).
The code for the [C2PA Verify website](https://verify.contentauthenticity.org/) is open source. However, it currently uses the deprecated [Legacy JavaScript library](https://github.com/contentauth/c2pa-js-legacy).

### Related projects

Expand Down
388 changes: 388 additions & 0 deletions docs/getting-started/aca-inspect.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,388 @@
---
id: inspect
title: Using the inspect tool on Adobe Content Authenticity (Beta)
---

import aca_inspect from '@site/static/img/aca-inspect.png';
import inspect_actions from '@site/static/img/inspect_actions.png';
import MarkdownCell from '@site/src/components/MarkdownCell';

The [**Inspect tool on Adobe Content Authenticity (Beta)**](https://verify.contentauthenticity.org) (often referred to as "ACA Inspect" or simply "Inspect") is a [C2PA conforming validator product](../conformance.mdx#validator-products) that validates and displays Content Credentials for various asset types.

<img
src={aca_inspect}
style={{
width: '500px',
border: '1px solid #ccc',
}}
/>

For more information, see [Inspect Content Credentials](https://helpx.adobe.com/creative-cloud/apps/adobe-content-authenticity/inspect/inspect-tool.html) on Adobe HelpX.

## How to use Inspect

You can use Inspect to view Content Credentials for an asset in two ways:

- [Upload an asset file](#uploading-an-asset) from your local computer.
- [Use an asset URL](#using-an-asset-url).

Supported asset file types include:

- **Image**: AVIF, DNG, GIF, HEIC, HEIF, JPEG, PNG, SVG, TIFF, and WebP.
- **Video and audio**: AVI, M4A, MOV, MP3, MP4, and WAV.
- **Document**: PDF.

:::tip
When you first load the site and no asset is displayed on the page, Inspect shows the complete current list of supported file types.
:::

### Uploading an asset

Click **Select a file from your device** then use the native picker or drag and drop a file to upload it and display information from the associated Content Credentials (if any) such as the author, the tools used to create the asset, and so on.

### Using an asset URL

You can also display Content Credentials for an asset with a publicly-visible URL by using a URL with the following format:

```
https://inspect.cr?source=<ASSET_URL>
```

where `<ASSET_URL>` is the URL of the asset.

For example: https://inspect.cr?source=https://contentauth.github.io/example-assets/images/car-es-Ps-Cr.jpg

:::note
To use Inspect on an asset URL, the URL must not require any authentication and the hosting server must allow cross-origin resource sharing (CORS) in the `Access-Control-Allow-Origin` HTTP response header.
:::

## Example assets

The [example-assets](https://contentauth.github.io/example-assets/) repository contains some sample assets that demonstrate Content Credentials, including links to view the corresponding manifest reports generated by [C2PA Tool](../c2patool/readme.md) and to view the Content Credentials using Inspect.

## Information displayed

Once you've uploaded an asset or entered an asset URL, if the asset:

- **Does not** have an associated manifest store, Inspect displays the message **No Content Credential**.
- **Does** have an associated manifest store, Inspect displays information from it in the three vertical panels, for example as shown below.

import verify_sections from '@site/static/img/inspect-sections.png';

<img src={verify_sections} style={{ width: '800px', marginBottom: '20px' }} />

<table>
<thead>
<tr>
<th style={{ width: '260px', backgroundColor: '#ccc' }}>
Left panel &uarr;{' '}
</th>
<th style={{ width: '300px', backgroundColor: '#ccc' }}>
Center panel &uarr;
</th>
<th style={{ width: '250px', backgroundColor: '#ccc' }}>
Right panel &uarr;
</th>
</tr>
</thead>
<tbody>
<tr>

<MarkdownCell valign="top">
This section shows a thumbnail image and the asset name from the `title` property in the active manifest, which may not be the same as the file name. If there's no `title` property, it says "Untitled asset."

Also shows who signed the Content Credentials ("Recorded by").

Adobe products can save manifest stores in the [Adobe Content Credentials Cloud](index.mdx#storing-a-manifest-in-the-cloud). Click **Search for possible matches** to search there for content similar to the asset's ingredients.

</MarkdownCell>

<MarkdownCell valign="top">
Shows all the asset's ingredients in a tree-like layout.
- Click on an ingredient thumbnail to inspect its Content Credentials in the right panel.
- Click **Compare** to compare ingredients either side-by-side or using a slider.

Zoom in and out using the mouse wheel or trackpad and pan by dragging.

NOTE: The example above shows only one ingredient.

</MarkdownCell>

<MarkdownCell valign="top">
Shows information from the asset's manifest store, as described below:

- [Title and signing information](#title-and-signing-information)
- [Contributor details](#contributor-details)
- [Content details](#content-details)

</MarkdownCell>
</tr>
</tbody>
</table>

### Title and signing information

The top of the right panel displays a thumbnail of the image along with the same title and signing information as shown in the left panel.

If the Content Credential was signed by a certificate that is NOT on the [C2PA trust list](conformance.mdx#c2pa-trust-lists), such as one of the SDK's [test certificates](signing/test-certs.md), then Inspect displays "Unrecognized" at the top of this section with this notice:

import verify_unknown_source from '@site/static/img/unknown-source.png';

<img
src={verify_unknown_source}
style={{ width: '283px', display: 'block', margin: '10px auto' }}
/>

However, if the Content Credential was signed by a certificate on the [C2PA trust list list](conformance.mdx#c2pa-trust-lists), then this section displays the name of the issuer of the claim signature from the `signature_info.issuer` property in the active manifest, as shown in the example snippet below.

:::note
This section shows the organization name only if the signing certificate includes the "O" or [Organization Name attribute](https://www.alvestrand.no/objectid/2.5.4.10.html) (OID value 2.5.4.10) in the certificate's distinguished name information.
:::

For signers on the C2PA trust list, this section also displays the time of the claim signature from the `signature_info.time` property in the active manifest, as shown in the example snippet below. The date is converted from UTC to the local time zone.

```json
"signature_info": {
"alg": "Ps256",
"issuer": "Adobe Inc.",
"common_name": "Adobe C2PA",
"cert_serial_number": "419323736054358557205556576293173262079519360989",
"time": "2025-10-23T19:22:19+00:00"
},
```

If the issuer string is too long, then the date might be truncated or not shown at all.

<!--

### Validation status

If the manifest has [validation errors](manifest/reading/validation.md), then Inspect displays this notice:

import verify_validation_error from '@site/static/img/verify-validation-error.png';

<img
src={verify_validation_error}
style={{ width: '300px', display: 'block', margin: '10px auto' }}
/>

Inspect displays this warning if the `validation_status` array contains any elements. For example, here is an snippet from the manifest of an image with a hard binding hash mismatch error,


For example, a [this image](https://verify.contentauthenticity.org?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-E-dat-CA.jpg) with a hard binding hash mismatch error, as shown in [this manifest store](https://spec.c2pa.org/public-testfiles/image/jpeg/manifests/adobe-20220124-E-dat-CA/manifest_store.json):


```
"validation_status": [
{
"code": "assertion.dataHash.mismatch",
"url": "self#jumbf=/c2pa/contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b/c2pa.assertions/c2pa.hash.data",
"explanation": "asset hash error, name: jumbf manifest, error: hash verification( Hashes do not match )"
}
]
```

Another example that can result in this message is shown in [this image](https://verify.contentauthenticity.org?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-E-clm-CAICAI.jpg) with a missing referenced claim, as shown in [this manifest store](https://spec.c2pa.org/public-testfiles/image/jpeg/manifests/adobe-20220124-E-clm-CAICAI/manifest_store.json):


Another example that can result in this message is a missing referenced claim, as shown in snippet of manifest data:

```
"validation_status": [
{
"code": "assertion.hashedURI.mismatch",
"url": "self#jumbf=c2pa.assertions/c2pa.ingredient__1",
"explanation": "hash does not match assertion data: self#jumbf=c2pa.assertions/c2pa.ingredient__1"
},
{
"code": "claim.missing",
"url": "self#jumbf=/c2pa/contentbeef:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019",
"explanation": "ingredient not found"
}
]
```

-->

### Contributor details

For assets edited and signed with Adobe tools, if the creator has configured [connected social media accounts](https://helpx.adobe.com/creative-cloud/apps/adobe-content-authenticity/connect-accounts.html) such as Instagram, LinkedIn, and Behance, then this section displays that information with links to the creator's profile on the social media platform.

### Content details

The **Content details** section displays information about the asset, divided into the following subsections:

- [App or device used](#app-or-device-used)
- [Recorded by](#recorded-by)
- [Actions](#actions)
- [Ingredients](#ingredients)

Additionally, if the image was created with a generative AI tool, an **AI-generated** note is displayed at the top of the section.

#### App or device used

The value shown for **App or device used** is derived from the `claim_generator` and `claim_generator_info` properties in the active manifest.

#### Recorded by

The organization, device, or individual that signed the Content Credentials, based on the `signature_info` field in the manifest, for example:

```json
"signature_info": {
"alg": "Ps256",
"issuer": "Adobe Inc.",
"common_name": "Adobe C2PA",
"cert_serial_number": "419323736054358557205556576293173262079519360989",
"time": "2025-10-23T19:22:19+00:00"
},
```

#### Actions

<img
src={inspect_actions}
style={{
width: '400px',
float: 'right',
border: '1px solid #ddd',
margin: '10px',
}}
/>

The **Actions** subsection lists [actions](https://opensource.contentauthenticity.org/docs/manifest/assertions-actions#actions) in the active manifest, for example, as shown at right.

The corresponding `actions` array in the asset's manifest is shown below.

<div style={{ clear: 'both', marginBottom: '20px' }} />

<details style={{backgroundColor: 'transparent'}}>
<summary class="code_summary">Show manifest code</summary>

```json
{
"label": "c2pa.actions.v2",
"data": {
"actions": [
{
"action": "c2pa.opened",
"parameters": {
"description": "Opened a pre-existing file",
"com.adobe.tool": "open",
"com.adobe.icon": "https://cai-assertions.adobe.com/icons/import-dark.svg",
"instanceId": "xmp:iid:73f1d577-2d17-46ec-908a-09f2380df77c"
}
},
{
"action": "c2pa.cropped",
"parameters": {
"com.adobe.tool": "crop",
"com.adobe.icon": "https://cai-assertions.adobe.com/icons/crop-dark.svg",
"description": "Used cropping tools, reducing or expanding visible content area"
}
},
{
"action": "c2pa.resized",
"parameters": {
"com.adobe.tool": "image_size",
"description": "Changed dimensions or file size",
"com.adobe.icon": "https://cai-assertions.adobe.com/icons/resize-dark.svg"
}
}
],
...
}
}
```

</details>

#### Ingredients

The **Ingredients** section shows the resources used to create the asset, derived from the `ingredients` array in the active manifest. A thumbnail image is shown for each ingredient, if applicable. If an ingredient itself had Content Credentials, the "cr" icon is shown next to the thumbnail.

<!--

### Camera capture details

If the active manifest includes [Exif metadata assertions](../manifest/writing/assertions-actions.md#cawg-metadata-assertions), then an additional **Camera capture details** section shows information about the device used to create the asset, as illustrated below:

import verify_exif from '@site/static/img/verify-exif.png';

<img src={verify_exif} style={{ width: '500px' }} />

The Exif metadata assertions from the JSON manifest for the above example is shown below:

<details style={{backgroundColor: 'transparent'}}>
<summary class="code_summary">Show manifest code</summary>

```json
"assertions": [
{
"label": "com.truepic.libc2pa",
"data": {
"git_hash": "023bb51",
"lib_name": "Truepic C2PA C++ Library",
"lib_version": "2.5.1",
"target_spec_version": "1.2"
},
"kind": "Json"
},
{
"label": "stds.exif",
"data": {
"@context": {
"EXIF": "http://ns.adobe.com/EXIF/1.0/",
"EXIFEX": "http://cipa.jp/EXIF/2.32/",
"dc": "http://purl.org/dc/elements/1.1/",
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"tiff": "http://ns.adobe.com/tiff/1.0/",
"xmp": "http://ns.adobe.com/xap/1.0/"
},
"EXIF:GPSAltitude": "123.5",
"EXIF:GPSHorizontalAccuracy": "16.4",
"EXIF:GPSLatitude": "43.152093900000",
"EXIF:GPSLongitude": "-77.580532800000",
"EXIF:GPSTimeStamp": "2023-02-12T18:44:26Z"
},
"kind": "Json"
},
{
"label": "stds.exif",
"data": {
"@context": {
"EXIF": "http://ns.adobe.com/EXIF/1.0/",
"EXIFEX": "http://cipa.jp/EXIF/2.32/",
"dc": "http://purl.org/dc/elements/1.1/",
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"tiff": "http://ns.adobe.com/tiff/1.0/",
"xmp": "http://ns.adobe.com/xap/1.0/"
},
"EXIF:Make": "Google",
"EXIF:Model": "Pixel 5"
},
"instance": 1,
"kind": "Json"
},
{
"label": "stds.exif",
"data": {
"@context": {
"EXIF": "http://ns.adobe.com/EXIF/1.0/",
"EXIFEX": "http://cipa.jp/EXIF/2.32/",
"dc": "http://purl.org/dc/elements/1.1/",
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"tiff": "http://ns.adobe.com/tiff/1.0/",
"xmp": "http://ns.adobe.com/xap/1.0/"
},
"EXIF:DateTimeOriginal": "2023-02-12T18:44:26Z"
},
"instance": 2,
"kind": "Json"
},
...
]
```

</details>

-->
Loading