c2pa-js
c2pa-js copied to clipboard
contentauth
Failed verification with ed25519 signed image with c2patool
Hello! I am trying to sign image with CAI information with ed25519 cryptographic algorithm. I used private key and certificate from c2pa-rs library main branch at b167baeb3faa78f3a5b9f0e7cf6e197b81ac095b commit. I have added manifest to the image with c2patool according with section "Adding a manifest to an asset file". I noticed that the result picture verifies normally with c2patool, but it fails on verification site. I also repeated the same actions with another keys and certificates (ps256.pem, ps256.pub and es384.pem, es384.pub) from c2pa-rs examples and it worked just fine for both c2patool and verification site.
Can you please clarify if I am doing something wrong? All the files that I used are attached here: artifacts.zip
Validation signed_image.jpg with verification site:
Validation signed_image.jpg with c2patool:
Hello @SoftAvocado, unfortunately we don't currently support Ed25519 since WebCrypto doesn't currently have support for it. We have an issue in the https://github.com/contentauth/c2pa-rs project to build this into WASM via WebAssembly, but we haven't prioritized it yet. Let me check in with the team regarding prioritization.
Regardless, we should call this out in the c2pa-js documentation, which we will do shortly.
@dkozma, thank you for your reply. I'll be looking forward for Ed25519 support implementation.
:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/CAI-3386 is successfully created for this GitHub issue.
