Skip to content

danraveh-ai/effortproof

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

EffortProof

Check any image for Content Credentials (C2PA), right in your browser.

Live at: https://danraveh-ai.github.io/effortproof/ (soon effortproof.com)

Drop an image on the page and it instantly reports whether the file carries a C2PA Content Credentials manifest, who generated it, whether a signature block is present, and which assertions it contains. Everything runs client-side: your file never leaves your device. No uploads, no analytics, no external requests of any kind.

How it works

The page ships a small, dependency-free JavaScript detector (detect.js), a direct port of the c2pacheck Python CLI:

  • JPEG: C2PA rides in APP11 (0xFFEB) marker segments. The detector walks the segments and reassembles the JUMBF payload per box-instance in packet-sequence order.
  • PNG: JUMBF lives in the caBX ancillary chunk.
  • Other formats: a best-effort raw byte scan for manifest tokens.

The port is verified two ways: a node --test suite using the same fixture structures as c2pacheck's tests, and a cross-check on a real signed image where both implementations must produce identical results (same manifest footprint, claim generator, and assertion list).

Honest scope

This tool detects and inspects. It does not validate the signing certificate chain. "Signature present" means a signature block is embedded, not that it is valid or from a trusted issuer. The claim generator string is read heuristically (no full CBOR parse) and can include stray bytes. For full cryptographic verification use the official Content Credentials Verify tool.

Development

No build step. Serve the folder and open it:

node serve.mjs 8642     # or any static file server
# open http://127.0.0.1:8642/

Run the tests:

node --test "test/**/*.test.mjs"

Samples

samples/ contains two test images from contentauth/c2pa-rs (MIT/Apache-2.0): one with a C2PA manifest signed with a test certificate, one without.

License

MIT. See LICENSE.

About

Check any image for C2PA Content Credentials, right in your browser. Client-side only: your file never leaves your device.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors