The only way for scaled enterprises to get C2PA certificates

Truepic’s certificate authority gets you signing in moments, without having to understand and configure complex certificate requirements.

Express Business Interest

Trusted by global enterprises

How it works


We assess each implementation to guarantee its suitability for the intended C2PA use case.


Enrollment is instant. Our certificate authority works out of the box with our signing tools, including CLI and mobile SDKs.


Once enrolled, the certificate is ready to sign within our CLI or SDK, automatically. Or, use the certificate PEM file in your tool of choice.

BenefitsSign securely with Truepic’s certificate authority

Trusted by C2PA

Truepic’s certificate authority is the first and only purpose-built CA for C2PA that is commercially available to enterprises, including C2PA members.

Easy to use

With our built-in certificate authority, we simplify complex configurations with secure key generation, revocation handling, security requirements, compliance, and more!

Unrivaled flexibility

We offer short-duration key/certificate enrollment, without passing cost increases onto customers, reducing the risk of a security vulnerability in a master key that requires rotation, invalidating historically signed images.

Secure, everywhere

We stand alone in providing seamless support across platforms for automatic key provisioning, rotation, and integrations with key management providers, like Azure Key Vault and AWS Key Management Service.


Soc 2 Type II, ISO 27001, ISO 9001, as well as full compliance with C2PA-mandated certificate authority requirements.

Trusted SignaturesAlert-free authenticity

Ensure uncompromised credibility for your media with Truepic’s trusted certificate authority in the Content Credentials Verify tool.

When verifying a C2PA-signed image, the Verify tool alerts you if the certificate authority is untrusted. This alert is absent when your media is signed with Truepic certificates, offering a seamless and secure verification process.


  • Can your certificates be used with another signing product?
    Yes. Our rigorous vetting process ensures that you are using the certificate for a valid use case. Although we highly recommend our CLI and SDKs for the most seamless experience, once approved, you have the flexibility to use the certificate in our products, open-source projects, or even your own homegrown solutions.
  • Should I build my own certificate authority?
    Truepic has already built its own CA so that you don’t have to! We empower you to focus on your core business and what you do best, leaving the complexities of the C2PA to us. Utilizing Truepic’s certificate authority saves you months of paperwork, eliminates five to six figures of setup costs, reduces developer resource allocation, and ensures compliance, including seamless collaboration with the C2PA.
  • What does it cost?
    Contact us for pricing and packages.
  • Do I have to purchase certificates separately for use in your mobile SDKs or CLI?
    No, the cost of using our products includes certificates. Our mobile SDKs automate the enrollment of each device for certificates, eliminating the need for any developer intervention.

Let’s start building on authenticity

Increase trust and transparency at scale with Truepic’s transparency tools.

Get Started

Request more information