Build with Trusteddit PKI
Add verified content credentials to your app
Trusteddit provides C2PA content credential signing as a service. Your app generates cryptographic keys on-device, enrolls for a short-lived certificate, and signs all captured media with verifiable provenance before it ever leaves the device.
How It Works
Trusteddit sits between your app and the C2PA Trust List
Generates keys on-device. Signs media with device certificate.
Issues short-lived certificates (90-day) to enrolled app installs. Chains to the C2PA Trust List via Trusteddit-Journalist-Issuer-CA.
Verifying applications (browsers, social platforms, news readers) resolve the certificate chain and display a provenance badge to the viewer.
What Trusteddit Provides
Trusteddit operates as a C2PA-focused intermediate certificate authority. Rather than issuing a single certificate per journalist or organisation, Trusteddit issues a per-install certificate to every enrolled app instance. This means the signing key never leaves the device.
Privacy is preserved through opaque signer IDs. The certificate common name is an HMAC-derived token in the format ph_<hash>@thephenom.app that cannot be reversed to a real user identity by any external party. Only your app backend holds the mapping. This design is GDPR-compliant by construction.
When a piece of media is uploaded, your backend verifies the C2PA manifest attached by the device, then calls the Trusteddit badge-signer API to issue a second signature — a verification badge — proving that your platform reviewed and authenticated the content. Verifying applications display both signatures to the viewer.
Integration Guides
Trusteddit, a service of SanMarcSoft LLC