A Flutter plugin for C2PA (Coalition for Content Provenance and Authenticity) that enables reading and signing content credentials on mobile devices.
- Read C2PA manifests from files or byte arrays
- Sign images with C2PA manifests (embedded content credentials)
- Support for multiple signing algorithms (ES256, ES384, ES512, PS256, PS384, PS512, ED25519)
- Optional Time Stamping Authority (TSA) support
- Native performance via platform-specific C2PA libraries
| Platform | Minimum Version |
|---|---|
| iOS | 15.0 |
| Android | API 28 (Android 9.0) |
Add c2pa_flutter to your pubspec.yaml:
```yaml
dependencies:
  c2pa_flutter:
    git:
      url: https://github.com/nicktardif/c2pa-flutter.git
```

Then run:

```sh
flutter pub get
```

```dart
import 'package:c2pa_flutter/c2pa.dart';

// Create the plugin instance and query the native C2PA library version.
final c2pa = C2pa();
final version = await c2pa.getVersion();
print('C2PA version: $version');
```

```dart
// Read a manifest from a file path; the result is null when none is returned.
final manifestJson = await c2pa.readFile('/path/to/image.jpg');
if (manifestJson != null) {
  // Parse and use the manifest JSON
  print(manifestJson);
}
```

```dart
import 'dart:io';
import 'dart:typed_data';

// Read a manifest from bytes already in memory (here loaded from a file).
final Uint8List imageData = await File('/path/to/image.jpg').readAsBytes();
final manifestJson = await c2pa.readBytes(imageData, 'image/jpeg');
```

```dart
// Signing credentials. The inline PEM strings are placeholders: load the
// certificate and private key from secure storage at runtime instead of
// embedding them in app source.
final signerInfo = SignerInfo(
  algorithm: SigningAlgorithm.es256,
  certificatePem: '''-----BEGIN CERTIFICATE-----
...your certificate...
-----END CERTIFICATE-----''',
  privateKeyPem: '''-----BEGIN PRIVATE KEY-----
...your private key...
-----END PRIVATE KEY-----''',
  tsaUrl: 'http://timestamp.digicert.com', // optional
);

// Manifest definition to embed in the signed image.
final manifestJson = '''{
  "claim_generator": "MyApp/1.0.0",
  "title": "Signed Photo",
  "assertions": [
    {
      "label": "c2pa.actions",
      "data": {
        "actions": [
          {
            "action": "c2pa.created",
            "digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/digitalCapture"
          }
        ]
      }
    }
  ]
}''';

final result = await c2pa.signBytes(
  sourceData: imageData,
  mimeType: 'image/jpeg',
  manifestJson: manifestJson,
  signerInfo: signerInfo,
);
// result.signedData contains the signed image with embedded C2PA manifest
// result.manifestBytes contains the manifest bytes (optional)
```

```dart
// Sign a file on disk and write the signed copy to a destination path.
await c2pa.signFile(
  sourcePath: '/path/to/source.jpg',
  destPath: '/path/to/signed.jpg',
  manifestJson: manifestJson,
  signerInfo: signerInfo,
);
```

`C2pa` methods:

| Method | Description |
|---|---|
| `getVersion()` | Returns the C2PA library version |
| `getPlatformVersion()` | Returns the platform (iOS/Android) version |
| `readFile(path)` | Reads C2PA manifest from a file path |
| `readBytes(data, mimeType)` | Reads C2PA manifest from byte array |
| `signBytes(...)` | Signs bytes and returns signed data with manifest |
| `signFile(...)` | Signs a file and writes to destination path |

`SignerInfo` properties:

| Property | Type | Description |
|---|---|---|
| `algorithm` | `SigningAlgorithm` | Signing algorithm to use |
| `certificatePem` | `String` | PEM-encoded certificate chain |
| `privateKeyPem` | `String` | PEM-encoded private key |
| `tsaUrl` | `String?` | Optional Time Stamping Authority URL |

`SigningAlgorithm` values:

- `es256` - ECDSA with P-256 and SHA-256
- `es384` - ECDSA with P-384 and SHA-384
- `es512` - ECDSA with P-521 and SHA-512
- `ps256` - RSASSA-PSS with SHA-256
- `ps384` - RSASSA-PSS with SHA-384
- `ps512` - RSASSA-PSS with SHA-512
- `ed25519` - EdDSA with Ed25519

Properties of the `signBytes` result:

| Property | Type | Description |
|---|---|---|
| `signedData` | `Uint8List` | The signed image data with embedded manifest |
| `manifestBytes` | `Uint8List?` | The manifest bytes (if available) |

- `image/jpeg`
- `image/png`
- `image/webp`
- `image/avif`
- `image/heic`
- `image/heif`

See the example directory for a complete sample application demonstrating camera capture with C2PA signing.
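
A check worth running after signing, given here as an added example that is not part of the plugin's own documentation: re-read the manifest from the signed output and refuse to use it if it is missing or reports validation problems. `signAndCheck` is a hypothetical helper; it uses only the `signBytes` and `readBytes` calls shown above and assumes the returned JSON follows the underlying C2PA library's manifest-store layout, with problems listed under `validation_status`.

```dart
import 'dart:convert';
import 'dart:typed_data';

import 'package:c2pa_flutter/c2pa.dart';

/// Hypothetical helper (not part of the plugin): signs [imageData] and
/// returns the signed bytes only if a manifest can be read back from them
/// and that manifest reports no validation problems.
Future<Uint8List> signAndCheck(
  C2pa c2pa,
  Uint8List imageData,
  String manifestJson,
  SignerInfo signerInfo,
) async {
  final result = await c2pa.signBytes(
    sourceData: imageData,
    mimeType: 'image/jpeg',
    manifestJson: manifestJson,
    signerInfo: signerInfo,
  );

  // Re-read from the signed output, not from the input we supplied, so the
  // check covers what was actually embedded.
  final readBack = await c2pa.readBytes(result.signedData, 'image/jpeg');
  if (readBack == null) {
    throw StateError('Signed output carries no readable C2PA manifest');
  }

  final store = jsonDecode(readBack);
  if (store is! Map<String, dynamic>) {
    throw const FormatException('Manifest store is not a JSON object');
  }

  // Assumption: "validation_status" is the list of problems reported by the
  // underlying C2PA library; an absent or empty list means none were found.
  final status = store['validation_status'];
  if (status is List && status.isNotEmpty) {
    final codes = status.whereType<Map>().map((s) => s['code']).join(', ');
    throw StateError('Manifest failed validation: $codes');
  }
  return result.signedData;
}
```

With a test or self-signed certificate the read-back may report trust-related entries, in which case this helper throws; decide per deployment whether those are fatal.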
See LICENSE for details.
The Coalition for Content Provenance and Authenticity (C2PA) is a standards body that develops technical specifications for certifying the source and history of media content. C2PA manifests provide a tamper-evident way to attach provenance information to digital content.
Developed by Guardian Project.