This repository is an example of a minimal application using the C2PA Rust library that illustrates how to use an external signing application and does not require OpenSSL.
The application uses a separate signer app to show how to keep the private keys secure. It signs assets using the Ed25519 digital signature scheme and can validate with a trust list.
NOTE: The example was built and tested on macOS, and these instructions assume you are using macOS.
The app uses the new C2PA Rust library API, which has Context, Settings, Builder, and Reader data structures. All the code for the main program is in src/main.rs, which calls out to the standalone singer app defined in src/bin/signer.rs.
The main program sign_external function calls the signer app. The signer app reads bytes from stdin, signs them using a private key, then writes the signed bytes to stdout. The signer app uses a test/development private key and certificate in the src/fixtures directory.
All manifest configuration for this example is done through src/fixtures/settings.json rather than the manifest definition passed to the Builder, so src/fixtures/manifest.json is empty and isn't needed for this example. The settings file:
- Configures
builder.claim_generator_info, setsbuilder.intenttodigitalCaptureso the signed image is identified as a digital capture, and disables the generated thumbnail. - Supplies a default set of trust anchors and trust config so the embedded certificate chain can be validated against a known trust list.
- Sets
verify.verify_after_signtofalsesince this example doesn't validate the manifest immediately after signing (see the note on validation above).
Prerequisites: Install Rust.
First build the signer binary:
cargo build --release --bin signer
This commands builds signer binary, target/release/signer.
Build and run the release application with:
cargo run --release
You'll see messages in the terminal like this:
Compiling c2pa_min v0.2.0 (/path_to_repo/c2pa-min)
Finished release [optimized] target(s) in 30.45s
Running `target/release/c2pa_min`
Output written to target/output.jpg
The application executable is saved to target/release/c2pa_min and on an ARM-based Mac is about 5.2 MB in size.
Note that this size may change with different versions of the SDK.
You can confirm that Content Credentials were added to target/output.jpg by using C2PA Tool (with c2patool target/output.jpg) or by uploading the image to Verify.