Mar 3, 2026

How to Build C2PA Signing Into a Cloud Media Pipeline: Architecture Patterns

AUTHOR

James A. Wondrasek

Every C2PA signing pipeline follows the same four stages regardless of what stack you’re running: hash the content, build the Manifest, sign the Claim, embed the Manifest Store. Two published reference implementations now exist for media organisations: ARD’s fully serverless AWS pipeline (Lambda + KMS + S3) and CBC/Radio-Canada’s dual-compute architecture (Lambda + Fargate + KMS + MediaConvert). Both are open source.

This article walks through the architecture patterns, key management decisions, SDK selection, certificate procurement, credential preservation through transcoding, live streaming provenance (C2PA 2.3), and cost economics at SMB scale. We’re assuming you already know what C2PA is and how the infrastructure works. We’ll open with pipeline stages, not definitions.


What Are the Core Stages of a C2PA Signing Pipeline Regardless of Stack?

Every C2PA implementation runs the same four stages in sequence. The stack changes; the stages don’t.

Stage 1 — Prepare and hash. Read the asset bytes and compute a cryptographic hash. This hash is what binds the manifest to the specific file. Change a single bit and the hash changes, breaking the binding.

Stage 2 — Build the C2PA Manifest. C2PA information is a series of assertions — statements about the asset. These are wrapped into a digitally signed entity called a claim. The manifest definition is a JSON template specifying which assertions to include: creation timestamp, creator identity, AI usage flags, action history.

Stage 3 — Sign the Claim. The claim is signed using COSE (CBOR Object Signing and Encryption) with the signer’s private key, whose certificate comes from a Certificate Authority enrolled in the C2PA Trust List. In a well-designed cloud pipeline the private key never touches application code or Lambda memory: signing is delegated via the CallbackSigner pattern to AWS KMS. More on that in the Key Management section below.

Stage 4 — Embed the Manifest Store. The C2PA Manifest Store — a collection of one or more manifests — is embedded in the output asset or produced as a sidecar file.

The Claim Generator is the software component that runs stages 2 and 3. In cloud architectures that is typically a Lambda function or containerised microservice running c2pa-rs (the open-source Rust SDK from the Content Authenticity Initiative), c2pa-node-v2 (its Node.js bindings for TypeScript Lambda functions), or c2pa-python for ML and AI pipeline environments.

Two binding strategies affect how your pipeline handles transcoding. Hard binding embeds a cryptographic hash of the exact asset bytes in the manifest — the default. Soft binding uses watermarking or fingerprinting for assets that will be transcoded, embedding the credential in the content signal rather than the file metadata. For a complete overview of C2PA’s trust model and ecosystem components, see what C2PA is and how the infrastructure works.


How Does the ARD/AWS Serverless Reference Architecture Work?

ARD (Arbeitsgemeinschaft der öffentlich-rechtlichen Rundfunkanstalten) built the first fully serverless C2PA signing pipeline on AWS. WDR’s Streaming Architect Martin Grohme published the pattern via the AWS Media & Entertainment blog. It demonstrates signing at the source with minimal operational overhead.

The ARD pipeline works like this:

  1. An S3 object creation event triggers a Lambda function. No polling, no manual triggering.
  2. Lambda downloads the S3 object to local temporary storage.
  3. Lambda prepares claim bytes using a predefined manifest definition and sends them to AWS KMS.
  4. AWS KMS signs the claim bytes via the CallbackSigner pattern. The private key never leaves KMS.
  5. The signed object is uploaded back to S3.

One key ARD design decision worth noting: they use AWS KMS for private key storage rather than Secrets Manager. The certificate chain (PEM format) lives in Secrets Manager, referenced by ARN — keeping certificate storage separate from key storage. This is what makes zero-downtime certificate rotation possible. The ARD code (AWS SAM, MIT licence) is at github.com/ARD-C2PA-SAMPLES/c2pa_signfrag_awslambdakms.

Lambda vs. Fargate — Which Compute Option Fits Your Signing Volume?

CBC/Radio-Canada extended the ARD pattern with a dual-compute architecture that routes signing jobs via an Application Load Balancer to either Lambda or Fargate:

The CBC solution also includes AWS Elemental MediaConvert native C2PA support — the simplest path for teams already using MediaConvert for transcoding. No signing code required in Lambda or Fargate on this path. Certificates sit in Secrets Manager and the signing key is referenced by KMS ARN in the job definition.

The CBC reference repository — github.com/aws-solutions-library-samples/guidance-for-media-provenance-with-c2pa-on-aws — includes AWS CDK deployment scripts and both signing paths. It is a prototype for experimentation, not a production-ready system.


How Should I Manage Signing Keys — AWS KMS Versus Hardware HSM?

Key management is the architectural decision in a C2PA signing pipeline. The private key must never reside in application code, Lambda memory, or container storage. That is not a recommendation — it is a C2PA conformance requirement.

AWS KMS is the cloud-native choice. It uses FIPS 140-2 Level 2 validated hardware security modules, logs all key usage in AWS CloudTrail, and performs asymmetric signing without exposing private key material. Both the ARD and CBC reference implementations use it.

The CallbackSigner in c2pa-node-v2 is how you connect your Claim Generator to KMS. The callback receives data bytes, signs via KMS, and returns the signature. The private key never reaches application code. See the FAQ below for the full pattern.

The certificate chain is stored separately in AWS Secrets Manager, referenced by ARN. The MediaConvert equivalent references both stores by ARN in the job definition — neither key nor certificate touches application code.

Hardware HSM (AWS CloudHSM) provides FIPS 140-2 Level 3 key storage for organisations with regulatory requirements mandating physical key control. For most cloud-native pipelines, AWS KMS is sufficient.

The Nikon incident is worth knowing about. In September 2025, a researcher demonstrated that Nikon’s C2PA-enabled cameras could fraudulently sign content via a firmware vulnerability. A proof of concept signed an AI-generated image with a valid C2PA certificate despite having zero photographic provenance. Nikon revoked every C2PA certificate it had ever issued, invalidating every previously signed asset.

Key compromise means full certificate revocation. Design your incident response before deployment:

  1. Detection. CloudTrail alerts on anomalous KMS signing volumes or off-hours activity.
  2. Revocation. Contact your CA immediately to submit a Trust List revocation.
  3. Re-signing. Identify affected assets, work out which remain under your control, re-sign under a new certificate.
  4. Certificate renewal. Update Secrets Manager with the new certificate chain — Lambda and MediaConvert reference the ARN, so no redeployment is required.
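
The detection step above, sketched as an added example (not code from the ARD or CBC repositories): it buckets CloudTrail KMS Sign events per key per UTC hour and flags volume spikes and calls outside an expected signing window. The sample records are constructed, and the ARNs, thresholds and the function name findSigningAnomalies are assumptions to replace with your own baseline.

```javascript
// Constructed records shaped like CloudTrail events for KMS (not real logs).
const KEY = "arn:aws:kms:eu-central-1:111122223333:key/EXAMPLE-KEY-ID"; // placeholder
const ROLE = "arn:aws:sts::111122223333:assumed-role/example-signer/fn"; // placeholder
const ev = (eventTime, eventName = "Sign") => ({
  eventSource: "kms.amazonaws.com",
  eventName,
  eventTime,
  userIdentity: { arn: ROLE },
  requestParameters: { keyId: KEY },
});
const SAMPLE_EVENTS = [
  ev("2026-03-03T10:01:12Z"),
  ev("2026-03-03T10:20:45Z"),
  ev("2026-03-03T10:41:03Z"),
  ev("2026-03-03T10:50:00Z", "GetPublicKey"), // not a signing call, ignored
  // Six Sign calls inside one hour: above the assumed hourly ceiling.
  ...[5, 6, 7, 8, 9, 10].map((m) => ev(`2026-03-03T14:${String(m).padStart(2, "0")}:00Z`)),
  ev("2026-03-04T02:17:30Z"), // outside the assumed signing window
];

// Thresholds are assumptions; derive them from your pipeline's normal volume.
const POLICY = { maxSignsPerHour: 5, windowStartUtc: 6, windowEndUtc: 20 };

function findSigningAnomalies(events, policy = POLICY) {
  // Count Sign calls per key per UTC hour, remembering who made them.
  const buckets = new Map();
  for (const e of events) {
    if (e.eventSource !== "kms.amazonaws.com" || e.eventName !== "Sign") continue;
    const keyId = e.requestParameters?.keyId ?? "unknown";
    const hour = e.eventTime.slice(0, 13); // "YYYY-MM-DDTHH"
    const id = `${keyId}|${hour}`;
    const b = buckets.get(id) ?? { keyId, hour, count: 0, principals: new Set() };
    b.count += 1;
    b.principals.add(e.userIdentity?.arn ?? "unknown");
    buckets.set(id, b);
  }
  const findings = [];
  for (const b of buckets.values()) {
    const base = { keyId: b.keyId, hour: b.hour, count: b.count, principals: [...b.principals] };
    if (b.count > policy.maxSignsPerHour) findings.push({ type: "volume", ...base });
    const h = Number(b.hour.slice(11, 13));
    if (h < policy.windowStartUtc || h >= policy.windowEndUtc) {
      findings.push({ type: "off-hours", ...base });
    }
  }
  return findings;
}

console.log(findSigningAnomalies(SAMPLE_EVENTS));
```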

Once you have your key management architecture sorted, the next step is getting the certificates that let you sign content in the first place.

For identity assertion privacy design, see privacy design considerations when implementing identity assertions.


How Do I Get a Signing Certificate and What Does Conformance Programme Enrolment Require?

Production C2PA signing requires a certificate from a CA enrolled in the official C2PA Trust List. This is the step most developers underestimate when planning a timeline.

The C2PA Conformance Programme is the gateway — a risk-based governance process holding Claim Generator products, validators, and Certificate Authorities accountable to the Content Credentials specification. Three phases:

  1. Implement a conformant Claim Generator. Your implementation must produce valid C2PA manifests that pass the conformance test suite. Browse conforming products at spec.c2pa.org/conformance-explorer/.
  2. Apply to the Conformance Programme. Submit an Expression of Interest via the form on the C2PA conformance page.
  3. Obtain a certificate from a Trust List CA. SSL.com joined the C2PA Trust List as a Conformant CA in September 2025. DigiCert is among the other CAs issuing C2PA-compatible certificates. CA fees are not publicly documented — engage directly with your preferred CA.

The distinction between the Interim Trust List (ITL) and the official C2PA Trust List (TL) matters in practice. As of January 1, 2026 the ITL is frozen — no new entries, no updates, no new certificates. Existing ITL certificates remain valid for legacy support until they expire. New implementations must target the official Trust List.

If you implement against ITL certificates, verifiers using the official Trust List model will not recognise your signed content. That is a hard operational constraint.

Plan for weeks to months from implementation decision to first signed production asset, depending on CA processing time and organisational readiness. Build that lead time into your project plan before announcing implementation dates.

After obtaining a certificate, see verifying your implementation’s trust posture against the C2PA Trust List for ongoing trust validation guidance.


How Do I Preserve C2PA Credentials Through Video Transcoding and Format Conversion?

Standard transcoding strips C2PA manifests. The manifest contains a cryptographic hash of the exact asset bytes: transcoding changes those bytes, so the hash no longer matches and the credential is invalid. This is a frequent operational failure mode in media pipelines.

Three ways to handle it:

Path 1: Use AWS Elemental MediaConvert’s native C2PA support. For MP4, DASH, and CMAF HLS outputs, MediaConvert handles credential embedding as part of the transcode job. This is the simplest path for AWS-centric workflows — no signing code required in Lambda or Fargate.

Path 2: Re-sign after transcoding with an ingredient relationship. For custom pipelines, position the signing Lambda or container after the transcode stage. Treat the transcoded output as a new asset that inherits provenance via a parent manifest reference. In c2pa-node-v2, use the 'edit' Builder intent with addIngredientFromReader(sourceReader) and relationship: 'parentOf'. This creates a linked provenance chain — a verifier can trace back through the ingredient relationship to the original signed asset.

Path 3: Soft binding for distribution channels that strip metadata. Social platforms and many CDN pipelines strip embedded file metadata on upload. Soft binding embeds the credential in the content signal via watermarking or fingerprinting, surviving format conversion and metadata stripping. Use it as a complementary strategy for distribution channels outside your direct control.

For more on making credentials durable through distribution, see adding watermarking and fingerprinting to make credentials durable.


How Does Chain-of-Custody Work When Content Passes Through AI Editing Tools?

C2PA 2.3 records AI-edited content through edit assertions — each C2PA-aware tool adds an assertion recording what action was performed, by which tool, and when. The Manifest Store accumulates a linked chain of manifests representing the full provenance history.

When the chain survives. Several major tools already maintain the chain in practice. Adobe Lightroom records c2pa.color_adjustments, c2pa.cropped, and other actions. ChatGPT-generated images carry DigitalSourceType: trainedAlgorithmicMedia. Google Pixel 10 Magic Eraser outputs carry compositeWithTrainedAlgorithmicMedia. The chain holds as long as every tool passes the manifest forward.

The EU AI Act, effective August 2026, requires machine-readable disclosure labels for AI-generated content. C2PA’s DigitalSourceType assertions are the technical mechanism for that compliance.

When the chain breaks. Non-C2PA-aware tools strip or ignore the manifest. Social platforms strip all photo metadata on upload. Even Lightroom’s current implementation records AI-assisted edits only as “Color or Exposure” or “Cropping” — the AI involvement is not disclosed. Implementation-dependent disclosure is a real constraint.

For pipeline architects: treat every AI editing stage as a potential chain-break point. For stages lacking native C2PA support, design a re-signing step that creates a new manifest referencing the prior one as an ingredient. The chain is technically broken at the non-aware tool, but the downstream provenance record is preserved.


How Do I Add C2PA to a Live Streaming Pipeline Using HLS or DASH?

C2PA 2.3 (December 2025) introduces segment-level signing for live streaming. As Irdeto noted in their January 2026 analysis, “the bump from C2PA 2.2 to 2.3 may suggest only a small adjustment. For the video ecosystem, however, the latest version introduces a major capability: support for live streaming.”

The architectural difference from VOD is fundamental. VOD uses a Merkle tree — the originator computes the tree once the complete asset is known. For live streaming, the complete asset is never known in advance. Signing occurs per segment.

How CMAF segment-level signing works:

C2PA 2.3 uses the Verifiable Segment Info method. Each live segment includes a small Event Message Box (emsg) carrying the segment’s signature and position within the track. Session keys — a new class of asymmetric intermediate keys — generate per-segment signatures and can be rotated frequently across tracks. Compromise of a session key affects only a bounded window of segments.

Compatibility is straightforward: both HLS and DASH use CMAF segments as the underlying transport format. No changes to M3U8 or MPD manifests, no codec changes, compatible with DRM and CDN infrastructure, and safely ignored by non-C2PA-aware players.

The real complexity is integration with existing DRM key management systems. The Irdeto analysis details the interaction between DRM key management and C2PA session key management as the primary non-trivial integration challenge.

Delayed/asynchronous signing is available for workflows where real-time signing would introduce unacceptable latency — capture first, sign post-capture before distribution.

Current maturity: there are limited production deployments as of early 2026. Sony demonstrated C2PA-enabled professional video cameras at IBC 2025. For broadcast and streaming platforms the emphasis right now is preparedness, not immediate production deployment.


What Does C2PA Implementation Actually Cost at SMB Scale?

At 10,000 signing operations per day, your total cloud infrastructure cost runs approximately US$35–40/month.

Here is what makes up that number:

SDK costs: zero. c2pa-rs and c2pa-node-v2 are MIT licensed.

AWS KMS: approximately US$1.00 per 10,000 asymmetric signing requests. At 10,000 operations/day that comes to roughly US$30/month.

AWS Lambda: approximately US$3–5/month for 10,000 invocations/day at around 500ms per invocation.

AWS Elemental MediaConvert native signing: no incremental cost beyond standard transcode pricing.

Amazon S3 and Secrets Manager: approximately US$2–4/month for storage and retrieval at this scale.

Certificate Authority costs: not publicly documented by either DigiCert or SSL.com. Engage directly with your Trust List CA for a quote.

Total infrastructure at 10,000 images/day: approximately US$35–40/month, plus one-time certificate procurement costs.

The ARD team summed it up well: “confirming content provenance doesn’t require massive infrastructure investments… the solution is both scalable and economically viable, making it accessible to broadcasters and content providers of all sizes.”

The dominant cost is engineering time. Infrastructure at this volume is a rounding error. Budget for the build, not the running.


Frequently Asked Questions

What C2PA SDKs are available and which should I choose for a cloud signing service?

c2pa-rs (Rust) is the reference SDK for performance-critical pipelines and direct Lambda deployment. c2pa-node-v2 provides Node.js bindings via Neon for TypeScript Lambda functions — precompiled binaries available for Linux x86_64, Linux aarch64, macOS, and Windows. c2pa-python is available for ML and AI pipeline environments. c2patool is for testing and validation only, not production signing. AWS Elemental MediaConvert offers a zero-code path for teams already using it for transcoding.

What is a CallbackSigner and how does it connect to AWS KMS?

A CallbackSigner delegates the signing operation to an external function — typically an AWS KMS SignAsync API call. The callback receives data bytes, signs via KMS, and returns the signature. The private key never leaves KMS. This is the standard cloud key management integration pattern in C2PA signing libraries.

What is the difference between the Interim Trust List and the official C2PA Trust List?

The ITL was frozen on January 1, 2026 — no new entries, no updates, no new certificates. Existing ITL certificates remain valid for legacy support until expiry. New implementations must target the official Trust List via the C2PA Conformance Programme. Using an ITL certificate means verifiers using the official Trust List model will not recognise your signed content.

How does fMP4 segment signing differ from signing a standard MP4 file?

Standard MP4 signing hashes the entire file as a single unit. fMP4 signing requires computing a hash per fragment and storing all segment hashes in the manifest. During playback, the validator recomputes hashes per segment — a mismatch on any segment fails validation. All validation occurs during playback and must complete without introducing latency.

How do I handle certificate rotation without pipeline downtime?

Store your certificate chain in AWS Secrets Manager referenced by ARN. Upload the new certificate as a new Secrets Manager version when the current certificate nears expiry. Lambda functions and MediaConvert jobs reference the ARN — not the certificate content — so no redeployment is required.

What assertions should I include in a C2PA manifest for AI-generated content?

At minimum: creation timestamp, generating tool identity, and a DigitalSourceType assertion — trainedAlgorithmicMedia for wholly AI-generated content, compositeWithTrainedAlgorithmicMedia for composites. The EU AI Act (August 2026) requires machine-readable disclosure labels for AI-generated content. Include action history if the content passed through multiple processing stages.

What happens to the C2PA chain of custody if I use a non-C2PA-aware editing tool?

The chain breaks. Non-C2PA-aware tools strip or ignore the manifest. The content must be re-signed as a new origin asset downstream. Design your pipeline to re-sign after any stage lacking native C2PA support, creating a new manifest that references the prior manifest as an ingredient.

Does AWS Elemental MediaConvert’s native C2PA support work with DASH and HLS outputs?

Yes. MediaConvert supports C2PA manifest embedding for progressive MP4, DASH, and CMAF HLS outputs. Enable it with C2paManifest: "INCLUDE" in Mp4Settings. Certificates are stored in Secrets Manager; the signing key is referenced by KMS ARN in the job definition.


For a full overview of what C2PA is and how content provenance infrastructure works — including the trust model, ecosystem governance, and the other implementation considerations in this series — see the complete C2PA content provenance guide.
