C2PA Verification Extension

Tags:
Categories:

  6 minute read  

YouSeddit C2PA Verification Extension

The YouSeddit Browser Extension builds upon open-source C2PA verification technology to not only verify C2PA metadata in media but also to validate text quotes against the YouSeddit blockchain ledger and verify smart contract authorization.

Overview

The Content Authenticity Initiative (CAI) and the Coalition for Content Provenance and Authenticity (C2PA) have established standards for tracking the origin and edit history of digital content. The YouSeddit extension extends this standard to include:

  1. C2PA Metadata Verification: Standard validation of C2PA metadata in images and videos
  2. Text Quote Verification: Validation that quoted text has matching C2PA metadata referencing YouSeddit blockchain entries
  3. Smart Contract Validation: Verification that the hosting domain has proper authorization to display the C2PA-enabled content

See a mock newspaper example demonstrating how verified images and quotes might appear.

Technical Architecture

Built on Open Standards

This extension is modeled after open-source C2PA verification extensions, extending their capabilities with blockchain integration:

graph TD
    subgraph Browser Extension
        A[Detect C2PA Asset on Page] --> B{Extract C2PA Manifest};
        B --> C{Verify C2PA Compliance};
        C -- Compliant --> D{Has YouSeddit Data?};
        C -- Not Compliant --> Z[❌ Not C2PA Compliant];
        D -- Yes --> E{Extract Ledger ID & IPFS CID};
        D -- No --> AA[ℹ️ Standard C2PA];
        E --> F[API Call: youseddit.com/validate];
        F -- Ledger ID, IPFS CID --> G(Youseddit Platform API);
        G --> H{Validate Ledger Entry};
        H -- Valid --> I{Verify IPFS Asset Hash};
        H -- Invalid --> Y[❌ Ledger Invalid];
        I -- Match --> J{Check Publisher License};
        I -- Mismatch --> X[❌ Asset Mismatch];
        J -- Valid License --> W[✅ Fully Verified];
        J -- No/Invalid License --> V[⚠️ License Invalid];
    end

    subgraph External Systems
        G;
        K[Blockchain Ledger];
        L[IPFS];
        M[Publisher Domain];
    end

    G --> K;
    G --> L;
    G --> M;

Components

  1. C2PA Validation Engine

    • Leverages the C2PA JavaScript SDK to detect and validate C2PA metadata
    • Parses manifests to extract content provenance information
    • Verifies digital signatures against trusted issuers

  2. Text Quote Parser

    • Identifies potential quoted text on webpages
    • Searches for C2PA assertion claims in or near the text
    • Extracts identifiers linking to YouSeddit blockchain entries

  3. Blockchain Verification Layer

    • Queries the YouSeddit blockchain ledger using extracted identifiers
    • Validates that quoted text matches the authenticated source in the ledger
    • Verifies cryptographic signatures and hashes

  4. Smart Contract Validator

    • Checks domain authorization against YouSeddit smart contract registry
    • Validates licensing terms, expiration, and usage rights
    • Verifies payment status for content usage

Data Flow

The verification process follows these steps:

  1. Extension detects C2PA-enabled content on a webpage

  2. C2PA manifest is extracted and validated for integrity

  3. For text quotes, extension:

    • Extracts YouSeddit blockchain identifiers from C2PA metadata
    • Queries the blockchain ledger to verify the source text
    • Compares the quoted text against the authenticated version
    • Checks domain authorization via smart contract

  4. Results are displayed to the user with appropriate indicators

Implementation

Core Technologies

  • C2PA JavaScript SDK: For parsing and validating C2PA manifests
  • Web3.js: For blockchain interaction and smart contract validation
  • Content Script: For DOM manipulation and UI integration

Manifest (v3)

{
  "manifest_version": 3,
  "name": "Youseddit C2PA Verifier",
  "version": "1.0",
  "description": "Verify C2PA metadata and text quotes against the YouSeddit blockchain",
  "permissions": [
    "storage",
    "activeTab"
  ],
  "host_permissions": [
    "https://*.youseddit.com/*"
  ],
  "background": {
    "service_worker": "background.js"
  },
  "content_scripts": [
    {
      "matches": ["http://*/*", "https://*/*"],
      "js": ["c2pa-sdk.js", "content.js"],
      "css": ["styles.css"]
    }
  ],
  "action": {
    "default_popup": "popup.html",
    "default_icon": {
      "16": "icons/icon16.png",
      "48": "icons/icon48.png",
      "128": "icons/icon128.png"
    }
  },
  "web_accessible_resources": [
    {
      "resources": ["icons/*", "verification-badge.svg"],
      "matches": ["<all_urls>"]
    }
  ]
}

Key Code Components

C2PA Manifest Processing

// Detect and process C2PA metadata in content
async function processC2PAManifest(element) {
  try {
    // Use C2PA SDK to extract manifest
    const manifest = await c2pa.read(element);
    
    if (!manifest) return null;
    
    // Check for YouSeddit assertion
    const yousedditAssertion = manifest.assertions.find(
      assertion => assertion.claim?.youseddit?.blockchainId
    );
    
    if (!yousedditAssertion) return manifest; // Standard C2PA, no YouSeddit data
    
    // Extract blockchain reference and email verification info
    const blockchainId = yousedditAssertion.claim.youseddit.blockchainId;
    const emailVerification = yousedditAssertion.claim.youseddit.emailVerification;
    
    // Validate that content was properly encrypted and verified
    if (!emailVerification || !emailVerification.encryptionVerified || !emailVerification.signatureVerified) {
      return {
        verified: false,
        reason: 'encryption_or_signature_invalid',
        manifest: manifest
      };
    }
    
    // Verify against blockchain
    return verifyWithBlockchain(manifest, blockchainId);
  } catch (error) {
    console.error('C2PA processing error:', error);
    return null;
  }
}

Text Quote Verification

// Verify text quotes against blockchain content
async function verifyTextQuote(quoteElement) {
  // Extract quote text
  const quoteText = quoteElement.textContent.trim();
  
  // Look for data attributes or nearby C2PA indicators
  const blockchainId = quoteElement.dataset.yousedditId || 
                        findNearbyBlockchainId(quoteElement);
  
  if (!blockchainId) return null;
  
  // Query blockchain for authenticated text
  const blockchainData = await queryBlockchain(blockchainId);
  
  if (!blockchainData) return { verified: false, reason: 'not_found' };
  
  // Compare text against blockchain record
  const textMatch = compareText(quoteText, blockchainData.authenticText);
  
  // Verify domain has authorization
  const contractStatus = await verifyDomainContract(
    window.location.hostname,
    blockchainId
  );
  
  return {
    verified: textMatch.isMatch,
    textMatchPercent: textMatch.matchPercentage,
    contractValid: contractStatus.isValid,
    contractExpires: contractStatus.expirationDate,
    sourceInfo: blockchainData.sourceInfo,
    c2paManifest: blockchainData.c2paManifest
  };
}

Smart Contract Validation

// Verify domain has valid contract for content
async function verifyDomainContract(domain, contentId) {
  try {
    // Connect to YouSeddit contract registry
    const contractRegistry = new web3.eth.Contract(
      REGISTRY_ABI,
      REGISTRY_ADDRESS
    );
    
    // Check if domain has valid contract for this content
    const contractData = await contractRegistry.methods
      .validateDomainContent(domain, contentId)
      .call();
    
    return {
      isValid: contractData.isValid,
      expirationDate: new Date(contractData.expirationTimestamp * 1000),
      licenseType: contractData.licenseType,
      paymentStatus: contractData.paymentStatus
    };
  } catch (error) {
    console.error('Contract validation error:', error);
    return { isValid: false };
  }
}

C2PA Metadata Structure

The YouSeddit extension recognizes standard C2PA manifests with additional Youseddit-specific assertions:

{
  "claim_generator": "Youseddit Content Authenticator v1.0",
  "assertions": [
    {
      "label": "c2pa.hash",
      "data": {
        "hash_algorithm": "sha256",
        "hash": "5ae0a0f542458d1379e0a603a5419e631dcdc1c45a1020a4d371400dd92bd9e3"
      }
    },
    {
      "label": "youseddit.blockchain",
      "data": {
        "blockchainId": "0x7d931ff3a802d6c5b8c94e5421ccd1e392bde1c9ff7283173121a1c52348ec5e",
        "ledgerType": "ethereum",
        "contentType": "quote",
        "timestampVerified": "2025-03-15T14:22:31Z"
      }
    },
    {
      "label": "youseddit.emailVerification",
      "data": {
        "encryptionVerified": true,
        "signatureVerified": true,
        "keyId": "0x8A7F1D77AC8267436F7673D69CFA6F91BFC33196",
        "encryptionTimestamp": "2025-03-10T09:10:23Z",
        "signatureTimestamp": "2025-03-10T09:15:00Z"
      }
    },
    {
      "label": "youseddit.source",
      "data": {
        "name": "Jane Doe",
        "organization": "Example Organization",
        "interviewDate": "2025-03-10T09:15:00Z",
        "interviewMethod": "email",
        "verificationMethod": "pgp",
        "walletAddress": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"
      }
    }
  ]
}

Integration with C2PA Ecosystem

The extension integrates with the broader C2PA ecosystem:

  1. Compatible with CAI Workflows: Works with content created through Content Authenticity Initiative tools
  2. Adobe C2PA Support: Compatible with Adobe-generated C2PA metadata
  3. Truepic Integration: Works alongside Truepic verification for photos
  4. Cross-Platform Support: Functions with all major C2PA implementations

Development Guide

Setup

  1. Clone the repository:

    git clone https://github.com/Sanmarcsoft/youseddit-c2pa-extension.git
cd youseddit-c2pa-extension

  2. Install dependencies:

    npm install

  3. Build the extension:

    npm run build

  4. Load in Chrome:

    • Open chrome://extensions/
    • Enable “Developer mode”
    • Click “Load unpacked” and select the dist directory

Testing

The extension includes comprehensive testing for both C2PA validation and blockchain verification:

# Run C2PA validation tests
npm run test:c2pa

# Run blockchain verification tests
npm run test:blockchain

# Run end-to-end tests
npm run test:e2e

Creating YouSeddit C2PA Content

To create content with YouSeddit C2PA assertions:

  1. Use standard C2PA creation tools (Adobe, CAI tools, etc.)
  2. Add YouSeddit assertions through the YouSeddit Creator Portal
  3. Generate blockchain entries for your content
  4. Apply smart contracts for distribution

Extension API

The extension provides a JavaScript API for webpage integration:

// Check if extension is installed and get version
const extensionInfo = await window.yousedditC2PA.getInfo();

// Request verification for a specific element
const verificationResult = await window.yousedditC2PA.verify(element);

// Listen for verification events
window.addEventListener('youseddit-verification', event => {
  const { element, result } = event.detail;
  // Handle verification result
});

Future Enhancements

  • Expanded Media Support: Add verification for audio quotes and transcribed video content
  • Decentralized Verification: Enable verification against multiple blockchain nodes
  • IPFS Integration: Support for content stored on IPFS with blockchain references
  • In-page Verification Badge: Allow publishers to embed verification indicators directly
  • Verification API: Provide verification as a service for third-party applications
Last modified July 6, 2025: Update deploy.yml (d65b9c1)