Managed keys, per tenant
MANAGED SIGNING
Hashproof signs C2PA 2.x manifests with managed, per-tenant keys. Ed25519 + ML-DSA-65 hybrid signatures, hourly Merkle anchoring to Base L2, and IPFS CIDv1 storage. One endpoint: POST /v1/sign.
Four properties of every signed manifest. None of them are optional; none of them require additional configuration.
Hashproof generates and rotates signing keys on your behalf. Keys are isolated per tenant, never leave the signing service, and rotate without invalidating existing manifests.
Every manifest is signed twice. Ed25519 for compatibility, ML-DSA-65 (FIPS 204) for post-quantum resilience. Verifiers that understand the hybrid header validate both; legacy verifiers see a valid Ed25519 signature.
Each signed manifest is a leaf in an hourly Merkle batch, anchored to Base L2. Tampering with a stored manifest breaks the inclusion proof, which is independently verifiable on-chain.
Manifests are stored under their IPFS CIDv1: content-addressable, deduplicated, and pin-friendly. The same hash that identifies the asset locates the manifest.
One request fans out to four data planes. The full path from upload to on-chain anchor takes between 200 ms and one hour, depending on which response field you read.
01. Send the asset (image, audio, video, document) to /v1/sign with optional assertions and a title. Multipart form data; up to 100 MB per request on Scale.
02. The signing service hashes the asset, builds a C2PA 2.x claim, and signs with the tenant-scoped Ed25519 + ML-DSA-65 hybrid key. The raw key never leaves the enclave.
03. The signed manifest is written to content-addressed storage. The response carries a manifest ID, the CID, the signature algorithm, and a signed asset URL.
04. The manifest hash is appended to the next Merkle batch. Once anchored, GET /v1/manifests/:id/proof returns the inclusion path, verifiable against the on-chain root.
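The check that the inclusion path in step 04 makes possible, as an added example (not Hashproof code): recompute the root from a stored manifest plus its path and compare it with the anchored root. The page does not specify the proof format, so SHA-256, the leaf/node prefixes, the odd-node promotion rule and the (sibling, side) path layout are assumptions, and the sample manifests are constructed.

```python
import hashlib
import hmac

# Assumed tree rules (not documented on the page): SHA-256 with distinct
# prefixes for leaves and inner nodes, so a leaf cannot pose as a node.
def leaf_hash(manifest: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + manifest).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(manifests):
    """Return every tree level, leaves first; an unpaired node is promoted."""
    levels = [[leaf_hash(m) for m in manifests]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def inclusion_path(levels, index):
    """Sibling hashes from leaf to root, each tagged with the sibling's side."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # promoted nodes have no sibling here
            path.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return path

def verify_inclusion(manifest: bytes, path, root: bytes) -> bool:
    """Recompute the root from the manifest and path; compare in constant time."""
    acc = leaf_hash(manifest)
    for sibling, side in path:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample batch: five manifests signed in the same hour.
MANIFESTS = [f"manifest-{i}".encode() for i in range(5)]
LEVELS = build_levels(MANIFESTS)
ROOT = LEVELS[-1][0]  # stands in for the root read from the on-chain anchor

if __name__ == "__main__":
    path = inclusion_path(LEVELS, 2)
    print("intact:  ", verify_inclusion(MANIFESTS[2], path, ROOT))
    print("tampered:", verify_inclusion(MANIFESTS[2] + b"!", path, ROOT))
```

The verifier should take the root from the chain itself, not from the same API response that supplies the path; otherwise the proof only shows that the service agrees with itself.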
cURL is enough. The TypeScript SDK wraps this with retries and streaming uploads.
curl -X POST https://api.hashproof.ai/v1/sign \
-H "x-api-key: $HASHPROOF_API_KEY" \
-F "file=@/path/to/image.jpg" \
-F "title=Q3 launch hero"
# => {
# "manifestId": "01JS7Z...",
# "manifest": { "cid": "bafkrei...", "algorithm": "ed25519+ml-dsa-65", ... },
# "signedAssetUrl": "https://...",
# "message": "Manifest signed and stored."
# }
Signing is the first verb of three. The full triple is what makes provenance load-bearing.
Find the manifest after re-encodes, crops, or platform compression. pHash + Hamming threshold lookup over your signed corpus.
One call returns signature validity, trust-list match, and full lineage for any asset you or anyone signed through Hashproof.
EU AI Act Article 50 disclosures generated directly from your signed manifests. Auditor-ready PDF + JSON.
Free tier includes 1,000 signed manifests per month. No credit card.