Documentation

Signata

Signata is cryptographic content provenance and verification, built on the open C2PA / Content Credentials standard. It tells you where a piece of media came from and whether it has changed since it was signed, and is deliberate about never claiming more than that.

It does two things. It verifies real Content Credentials produced by tools like Adobe, OpenAI, and supported cameras, and it signs your own media so others can verify it later. Every issued credential is recorded in a tamper-evident transparency log, so provenance can be recovered by content hash even after a platform strips the embedded metadata.

What this is not

Signata answers provenance questions, not truth questions. A valid signature proves origin and integrity, not that what the content depicts is true, and not that an unsigned image is fake. Absence of provenance is normal and is never evidence of fakery. The Limits page covers this in full.

The two questions it answers

Every verification reduces to these, and only these:

Where did this come from?

Read the signed Content Credential attached to an asset: who signed it, with what tool, and the edit history they recorded.

Has it changed since it was signed?

Recompute the hard binding (a hash of the asset's bytes) and compare it to what the signer committed to. If they differ, the asset was altered after signing.

The verdicts

A verification resolves to exactly one verdict. The wording is chosen so it cannot be read as “real vs fake.” This vocabulary comes straight from VERDICT_META in @signata/shared: the same source the API, the inspector, and the badge use, so descriptions never drift.

Verified provenance

verified

A valid Content Credential is attached, its signature and hard binding check out, and the signer is trusted.

Provenance present · untrusted signer

provenance_present_untrusted

A valid, intact Content Credential is attached, but its signer is not in your trust list.

Altered after signing

tampered

A Content Credential is attached but the content no longer matches what was signed.

No provenance · authenticity unknown

no_provenance

No Content Credential was found. Authenticity is unknown. This is not evidence of fakery.

AI disclosure is orthogonal to the verdict: a verified asset can also be openly AI-generated or AI-edited. We surface that from the manifest’s IPTC DigitalSourceType and an explicit assertion. See Core concepts.

Start here

Prefer to click around first? The public Verify Studio verifies any image in your browser with no API key required.