macOS
brew install c2patoollocal Homebrew formula metadata
brew
CLI for working with C2PA manifests and media assets. Version 0.26.69 via Homebrew; verified 2026-07-08.
install
brew install c2patoollocal Homebrew formula metadata
nix profile install nixpkgs#c2patoolnixpkgs package indexes · pkgs/by-name/c2/c2patool/package.nix · source: api.github.com
overview
CLI for working with C2PA manifests and media assets
history
c2patool is the command-line tool from the c2pa-rs project for reading, validating, creating, and embedding C2PA manifests in media assets. Its history is tied to the Content Authenticity Initiative and the Coalition for Content Provenance and Authenticity push to make media provenance machine-readable.
C2PA was founded in February 2021 by Adobe, Arm, the BBC, Intel, Microsoft, and Truepic to develop technical standards for certifying the source and history of media content. The c2pa-rs repository began with an initial public release on 23 May 2022 and became the Rust SDK and CLI implementation used by the Content Authenticity Initiative open-source tooling.
The c2patool README describes a CLI that works with C2PA manifests and audio, image, or video assets. It can read summary JSON, read detailed manifest data, add manifests to assets, use sidecar or remote manifests, inspect certificate chains, configure trust, and work with signing commands.
The tool is distributed through Homebrew for macOS, prebuilt GitHub release archives for macOS, Windows, and Linux, and source builds from the c2pa-rs repository. source_facts also records Nix packaging.
The broader adoption story is standards-driven: c2pa-rs implements part of the C2PA technical specification and CAWG identity assertion work, so the CLI serves developers, publishers, and tool builders testing Content Credentials workflows before or alongside application integration.
Common c2patool usage includes printing manifest JSON from an asset, saving manifest reports to an output directory, adding a manifest definition to a file, generating `.c2pa` sidecars, embedding remote manifest references, extracting signing certificates, and producing ingredient records for asset history.
The CLI supports a settings file, defaulting to `~/.config/c2pa/c2pa.toml` unless C2PATOOL_SETTINGS or `--settings` overrides it. Signing can be delegated to subprocess signers so private key material does not need to pass directly through the CLI in production.
c2patool is package-nerd interesting because it turns a large media-authenticity standard into a composable Unix-style inspection and signing tool. That makes C2PA manifests testable in CI, build pipelines, image-processing scripts, and release workflows.
It also shows a modern package pattern: a Rust SDK repository shipping libraries, C FFI, documentation, examples, release archives, and a CLI, all around a fast-moving standard rather than a single old protocol.
security posture
No matching local secret-handling manifest was found for c2patool. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.config/c2pa/c2pa.tomlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
c2patool | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/contentauth/c2pa-rs
install metadata
| Package key | brew:c2patool |
|---|---|
| Version | 0.26.69 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/c2patool |
| Homepage | https://contentauthenticity.org |
| Repository | https://github.com/contentauth/c2pa-rs |
| Upstream docs | https://github.com/contentauth/c2pa-rs/blob/main/cli/README.md |
| License | Apache-2.0 OR MIT |
| Source archive | https://github.com/contentauth/c2pa-rs/archive/refs/tags/c2patool-v0.26.69.tar.gz |
| Last updated | 2026-07-08T03:19:24Z |
| Pulse | updated |
| Dependencies | openssl@4 |
| Build dependencies | pkgconf, rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | c2patool |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
c2patool
nix profile install nixpkgs#c2patoolsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.