No upload, 100% local, no account

Content Credentials (C2PA) reader

Drop a file to read its C2PA provenance manifest, if any. Everything stays on your device.

How Content Credentials (C2PA) reader works

C2PA Reader reads the Content Credentials embedded in an image or media file, the provenance information added by cameras, editing applications and publishing platforms that have adopted the C2PA (Coalition for Content Provenance and Authenticity) standard. When credentials are present, the tool shows what the manifest states: who signed it, with which tool or device, and which editing actions were recorded.

Important: the tool reports only the signals that are actually in the file. If no C2PA manifest is found, that means the file does not carry Content Credentials, it says nothing about how the file was made or whether its content is authentic. Absence of credentials is not evidence of manipulation, and this tool does not detect AI-generated content. Validation confirms that a manifest's signature is cryptographically intact, not that the content itself is trustworthy.

Frequently asked questions

What does a C2PA manifest actually contain?

A manifest can include: the identity of the signing entity (camera maker, software publisher), the timestamp of signing, the tool or device used, a hash of the asset at the time of signing, and a log of declared editing actions (crop, filter, generative fill, etc.). The content of the manifest depends entirely on what the creator's tool chose to record and sign.

If a file has no C2PA credentials, does that mean it has been tampered with?

No. The vast majority of images on the internet were created or processed by tools that do not add C2PA credentials. Absence of a manifest is neutral, it is not evidence of manipulation, forgery or AI generation.

Can C2PA credentials tell me whether an image is AI-generated?

Only if the creator's tool explicitly recorded and signed that claim in the manifest. Some AI image generators do include a "created with AI" assertion in their C2PA manifest. But a missing or unsigned assertion cannot be interpreted as proof either way, this tool reads and reports what is declared, nothing more.

Are my files uploaded to a server?

No. Every operation runs inside your browser tab using JavaScript and WebAssembly. Your file is read into memory on your own device, processed there, and the result is offered as a local download. Nothing is transmitted to Sunasty or any third party. You can verify it yourself: open your browser DevTools, go to the Network tab, and watch, no request carries your file.

Does it work offline?

Yes, once the page has loaded. Because the processing happens on your device, you can disconnect from the network and the tool keeps working. This is the clearest proof that your data never leaves your machine.

Is it free? Do I need an account?

It is completely free and requires no sign-up. There are no watermarks, no daily limits and no tracking cookies needed to use the tool.

Related tools

Keep everything local, explore complementary tools.