A Python library for reading C2PA metadata based on c2pa-rs
This library provides fast C2PA metadata extraction from digital assets using direct PyO3 bindings to the Rust C2PA implementation. It was created to address performance bottlenecks in existing Python C2PA libraries.
Note: This library is designed for reading C2PA metadata only. It does not support writing or creating C2PA metadata at this time.
| Implementation | Average Read Time |
|---|---|
| c2pa-python (UniFFI) v8 | ~486ms |
| fast-c2pa-python (PyO3) | ~18ms |
| Native Rust | ~7ms |
pip install fast-c2pa-pythonfrom fast_c2pa_python import read_c2pa_from_file
# Read C2PA metadata from a file (with automatic MIME type detection)
metadata = read_c2pa_from_file("path/to/image.jpg")
print(metadata)
# You can also specify the MIME type explicitly if needed
metadata = read_c2pa_from_file("path/to/image.jpg", "image/jpeg")from fast_c2pa_python import read_c2pa_from_bytes
# From HTTP response or other binary source
response = requests.get("https://example.com/image.jpg")
metadata = read_c2pa_from_bytes(response.content, "image/jpeg")
# Or from a file opened in binary mode
with open("path/to/image.jpg", "rb") as f:
data = f.read()
metadata = read_c2pa_from_bytes(data, "image/jpeg"){
"title": "Image Title",
"generator": "Adobe Photoshop",
"thumbnail": {...},
"assertions": [...],
"signature_info": {
"issuer": "Example Issuer",
"time": "2023-05-23T10:30:15Z",
"cert_serial_number": "1234567890"
},
"ingredients": [...],
# Additional manifest data
}To properly verify C2PA signatures, you may need to configure trust settings for specific certificate authorities or individual certificates. The Content Authenticity Initiative maintains a list of known certificates that can be used for verification.
from fast_c2pa_python import setup_trust_verification, read_c2pa_from_file
# Configure trust settings using certificate files
setup_trust_verification(
anchors_file="path/to/anchors.pem", # Root CA certificates
allowed_file="path/to/allowed.pem", # Allowed intermediate certificates
config_file="path/to/store.cfg" # Trust store configuration
)
# After configuring trust, read C2PA metadata
# The validation_state will be "Trusted" instead of just "Valid"
metadata = read_c2pa_from_file("path/to/image.jpg")
print(f"Validation state: {metadata['validation_state']}")Without trust configuration:
metadata = read_c2pa_from_file("image.jpg")
print(metadata['validation_state']) # "Valid" - signature verified but not trustedWith trust configuration:
setup_trust_verification("anchors.pem", "allowed.pem", "store.cfg")
metadata = read_c2pa_from_file("image.jpg")
print(metadata['validation_state']) # "Trusted" - signature verified and trustedYou can find trusted certificates and learn more about certificate verification at:
- CAI Known Certificate List: https://opensource.contentauthenticity.org/docs/verify-known-cert-list/
The library includes API compatibility tests to ensure functionality.
Install test dependencies:
pip install -r tests/requirements.txtRun API tests:
python run_tests.py --api-onlyThis library is built using Maturin, which provides Python bindings for Rust with PyO3.
# Install Maturin
pip install maturin
# Development build (debug mode)
maturin develop
# Run in release mode for better performance
maturin develop --releaseThis project is dual-licensed under both MIT and Apache 2.0 licenses to ensure compatibility with the underlying c2pa-rs library.
This library is built upon the excellent work of the c2pa-rs library by the Content Authenticity Initiative. The c2pa-rs library provides the core C2PA implementation in Rust, and this project creates Python bindings using PyO3 for improved performance.
Developed by: Sightengine - AI-powered content moderation
Key Dependencies:
Special thanks to the Content Authenticity Initiative and the c2pa-rs contributors for their foundational work on C2PA standards and implementation.