⚛ c2pa-probe by SSL.com

Find out who signed this image — and whether you can trust them.

Drop in any photo. We check who made it, what tools they used, whether anything's been edited since, and whether the cryptographic signature on the file still holds up against a public certificate authority.

drop an image here, or click to pick PNG, JPEG, WebP, GIF, HEIC up to 25 MB

Add to recents — uncheck to keep this probe out of the public /recent list. Heads-up: uploaded images keep their EXIF metadata, and we may briefly send the image to OpenAI to generate a one-line caption when you don't supply your own prompt.

No image handy?

We'll roll a fresh prompt with our generator, ask OpenAI for an image, then probe the result end to end.

What does this tool actually do?

Reads the manifest. Most C2PA-signed images carry a small "Content Credential" block alongside the pixels: who created it, what tools they used, and a list of edits.
Walks the cert chain. The manifest is signed by an X.509 certificate. We follow the chain up to a public root CA and check every link.
Checks revocation. A signing certificate can be cancelled by its issuer. We query both OCSP and the offline CRL.
Verifies the timestamp. A trusted timestamp authority (TSA) co-signs the file at signing time. We check that signature too.
Tells you the verdict. Plain English: who signed it, when, whether you can trust the signer's identity, and what edits are recorded.

A green verdict means the bytes haven't changed since signing and the signer's certificate is valid. It does not mean the image depicts reality — only that whoever signed it is who they say they are. If the signer's name doesn't ring a bell, treat the verdict as a receipt, not a guarantee.