C2PA (Coalition for Content Provenance and Authenticity) live video validation for BMFF/MP4 containers.
Supports both segment validation methods defined in the C2PA specification:
npm i @svta/cml-c2pa
Note:
@svta/cml-iso-bmff,@svta/cml-utils, andcbor-xare peer dependencies. Most package managers install them automatically, but you may need to add them explicitly.
Note: This library uses the Web Crypto API (
crypto.subtle) for COSE signature verification and BMFF hash computation. In Node.js 20+ this is available globally. In browsers,crypto.subtlerequires a secure context (HTTPS orlocalhost).
import { validateC2paManifestBoxSegment } from '@svta/cml-c2pa'
import type { ManifestBoxValidationState } from '@svta/cml-c2pa'
let lastManifestId: string | null = null
let state: ManifestBoxValidationState | undefined
for (const segmentUrl of segmentUrls) {
const bytes = new Uint8Array(await fetch(segmentUrl).then(r => r.arrayBuffer()))
const { result, nextManifestId, nextState } = await validateC2paManifestBoxSegment(
bytes,
lastManifestId,
state,
)
lastManifestId = nextManifestId
state = nextState
console.log(result.isValid, result.errorCodes)
}
import { validateC2paInitSegment, validateC2paSegment } from '@svta/cml-c2pa'
const initBytes = new Uint8Array(await fetch(initUrl).then(r => r.arrayBuffer()))
const init = await validateC2paInitSegment(initBytes)
const segmentBytes = new Uint8Array(await fetch(segmentUrl).then(r => r.arrayBuffer()))
const validated = await validateC2paSegment(segmentBytes, init.sessionKeys)
C2PA (Coalition for Content Provenance and Authenticity) validation for BMFF/MP4 live video streams.
See
C2PA Specification