C2PA Validate


C2PA validate is a helper plugin that validates files in regards to their authenticity as outlined by the Content Authenticity Initiative

The plugin provides both a system task for initializing existing assets, as well as listeners for new ones (and new versions). Note that to validate them, the asset is downloaded to the appserver and evaluated locally.



Type: String, required: yes

delivered by brix


Type: String, required: yes

Full path to the c2patool executable, see https://opensource.contentauthenticity.org/docs/c2patool (tested up to 0.7)


type: list of long (comma separated), required: no, default: -

Which user group's IDs can use this plugin (superadmins always see it in any case).


Type: long, required: probably

Dropdown to set the validity in. MUST look like this:

        <dropdown id="???" name="c2pa_validate">
                <label lang="de">Content Validation</label>
                <label lang="en">Content Validation</label>
                <option index="1">
                        <label lang="de">k.A.</label>
                        <label lang="en">n/a</label>
                <option index="2">
                        <label lang="de">gültig</label>
                        <label lang="en">valid</label>
                <option index="3">
                        <label lang="de">ungültig</label>
                        <label lang="en">invalid</label>


Type: long, required: no

Checkbox to set to true if the asset is valid. This is an alternative to c2paValidate.validationDropdownInfofieldId, using them both makes no sense.


Type: long, required: no

Textarea field to write the validation log to. Probably not necessary (just enable DEBUG logging), but if you want to show the user what exactly has happened, use this.


Type: long, required: no

NodeReferencing information field to tag all signatories. New signatures get added automatically.


Type: long, required: no

Textarea to list the signatories in. This is an alternative to c2paValidate.signatureNodeRefInfofieldId, using them both makes no sense.


Type: long, required: no

Date field to save the time that the signature was created.


Type: List of String (comma-separated), required: yes, default: claimSignature.validated,signingCredential.trusted,timeStamp.trusted,assertion.hashedURI.match,assertion.dataHash.match,assertion.bmffHash.match,assertion.accessible

Codes that are considered valid by the C2PA specification


Type: List of String (comma-separated), required: yes, default avi,avif,c2pa,dng,heic,heif,jpg, jpeg,m4a,mp3,mp4,mov,pdf,png,svg,tif,tiff,wav,webp

List of file extensions that are supported by the c2patool


Type: String, required: probably, default https://verify.contentauthenticity.org/inspect

Base-URL of the verification UI used in the detail view. The file to be inspected will be passed as a URL though the source parameter.


type: list of string (comma separated), required: no, default: asset_preview,asset_objectinformation,asset_lockinfo,asset_metadatainfo,asset_technicalassetinfo,asset_pinoverview

The c2paValidateSidebarSection may to be added to the list of sidebar content in this property. They will be displayed in the provided order, e.g.


type: list of string (comma separated), required: no, default: overview,customfields,objectinformation,backstage,version,assetrelation,modificationhistory,publicurls

The c2paValidateDetailViewTab may to be added to the list of detailview tabs in this property. They will be displayed in the provided order, e.g.


Compatibility Matrix

C2PA Validate CELUM (min. version)
1.0 6.8 (tested up to 6.16)

Release Notes


Released: 2022-06-20

Initial release


Released: 2022-06-25

  • Added UI components
  • Added signature infofield support


Released: 2024-05-26

  • More supported file types (based on upstream)