Combating Deepfake with Khatim Verification Server with C2PA


Ensuring trusted media is critical for any business. In an era where misinformation spreads like wildfire, and AI-generated images and deepfake videos are indistinguishable from real ones, organizations need a reliable way to determine the authenticity of the content they use or publish. Whether it’s a news agency, a legal department, a brand running digital campaigns, or a compliance team, verifying content provenance is no longer optional.

To address this, Khatim Verification Server now supports the C2PA (Coalition for Content Provenance and Authenticity) specification, providing actionable insights about who created the content, what changes were made, and whether the source is trustworthy.

This blog explores why content provenance matters, what C2PA is all about, and how businesses can integrate robust verification into their workflows.

Why Content Provenance Matters

Content provenance answers a simple but critical question: “Where did this come from, and can I trust it?”

With AI-generated content becoming indistinguishable from human-created media, the need for digital content traceability has become essential. Content provenance offers:

  • Accountability: You can identify the creator, editor, and processing steps for any media asset.

  • Transparency: You can trace changes and enhancements applied to content across its lifecycle.

  • Trust Building: Your audience gains confidence when they know your images and videos are verified.

  • Compliance: Industries like media, defense, healthcare, and government increasingly require verifiable evidence of content origin and integrity.

Without provenance, it’s difficult, if not impossible, to distinguish between genuine and manipulated media.

How C2PA Produces Content Provenance

C2PA embeds a digitally signed manifest inside media files that records who created or edited the content, when, and how. Each time a C2PA-compliant tool captures, edits, or exports content, it adds a new manifest with cryptographic signatures and metadata.

These manifests form a traceable chain of custody, allowing anyone to verify:

  • The original source of the media
  • Any modifications made along the way
  • The identities of the contributors
  • The validity of signatures and trust chains

This ensures full transparency and tamper-evident integrity throughout the content’s lifecycle.

For a deeper look at the growing threat of deepfakes and how digital signatures and PKI can help counter them, check out our earlier blog: Deepfakes: Can Digital Signatures and PKI Save the Day?

Khatim Verification Server in Action

With Khatim Verification Server, verifying C2PA-enabled media is streamlined and policy-driven. Here’s how businesses can ensure content authenticity in 3 simple steps:

  • Set up a Verification Policy
    Enable C2PA verification in your organization’s content validation rules. You can set up a single policy that handles both C2PA and other formats like XAdES, JAdES, CAdES and ASiC.
  • Configure Trust Anchors
    Set up public certificates from trusted issuers to establish digital trust in the digital signatures created on media files.
  • Send Media Files for Verification
    Submit media files via REST API for automated validation and provenance analysis. Your business applications like CMS, DAM, compliance tools, or custom apps can use the API to send content and receive detailed responses indicating the validity and origin of the media.

Setting up Verification Policy

[Screenshot: Khatim PKI Server - Verification - C2PA - Policy]

Setting up Trust Anchors

[Screenshot: Khatim PKI Server - Verification - C2PA - Policy - Trust Anchors]

Verification Results

All verifications can be traced in the Transaction Logs, which record details such as the signature format and success and failure information.

[Screenshot: Khatim PKI Server - Verification - C2PA - Transaction Logs]

Verification Stats

Admins can review all verification statistics from the dashboard, including success and failure information.

[Screenshot: Khatim PKI Server - Verification - C2PA - Stats - Dashboard]
[Screenshot: Khatim PKI Server - Verification - C2PA - Trends - Dashboard]

API Driven Verification

Khatim Verification Server performs the following checks during verification:

  • Detects whether content provenance is present
  • If present, it then performs:
    • Digital signature validation
    • Certificate chain building
    • Revocation checking (CRL/OCSP)
    • Manifest integrity verification
    • Ingredient analysis (multi-layered edits and sources)

Here’s what an API request and response might look like:

Request

URL: https://<host:port>/verification/engine
Verb: POST
Accept: application/form-data
Content Type: application/form-data

"dataToVerify":"file",
"policyParameters":{
  "policyId":"MyProfile",
  "format":"C2PA"
}

Response

No Content Credentials Found:

No_Content_Credentials_Found

Mixed Validation Results (Tampered or Partial Validity):

[
  {
    "Manifest ID": "contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b",
    "Issuer DN": "C2PA Test Signing Cert",
    "Certificate SN": "720724073027128164015125666832722375746636448153",
    "Algorithm": "Ps256",
    "Verification Status": "Not Validated"
  },
  {
    "Manifest ID": "contentauth:urn:uuid:40f2636a-402c-4792-9da4-644a63d1f7d0",
    "Issuer DN": "C2PA Test Signing Cert",
    "Certificate SN": "720724073027128164015125666832722375746636448153",
    "Algorithm": "Ps256",
    "Verification Status": "Valid (Active)"
  }
]

Multiple Valid Signatures Detected:

[
  {
    "Manifest ID": "contentauth:urn:uuid:a7afe477-69de-403b-912c-ba62c1f6bf23",
    "Issuer DN": "C2PA Test Signing Cert",
    "Certificate SN": "720724073027128164015125666832722375746636448153",
    "Algorithm": "Ps256",
    "Verification Status": "Valid (Active)"
  },
  {
    "Manifest ID": "contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b",
    "Issuer DN": "C2PA Test Signing Cert",
    "Certificate SN": "720724073027128164015125666832722375746636448153",
    "Algorithm": "Ps256",
    "Verification Status": "Valid (Ingredient)"
  },
  {
    "Manifest ID": "contentauth:urn:uuid:8f599860-7021-40af-a751-369f6a8bb66e",
    "Issuer DN": "C2PA Test Signing Cert",
    "Certificate SN": "720724073027128164015125666832722375746636448153",
    "Algorithm": "Ps256",
    "Verification Status": "Valid (Ingredient)"
  },
  {
    "Manifest ID": "contentauth:urn:uuid:1a2e69c6-a405-4ed7-a33f-d9183ffda710",
    "Issuer DN": "C2PA Test Signing Cert",
    "Certificate SN": "720724073027128164015125666832722375746636448153",
    "Algorithm": "Ps256",
    "Verification Status": "Valid (Ingredient)"
  }
]
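
One way a CMS or DAM integration could turn the three response shapes above into a publish decision that fails closed. This is an added example, not Khatim code: the decide and entry helpers, the decision names and the rule of exactly one active manifest are assumptions, and the sample bodies are constructed from the statuses and manifest IDs shown above.

```python
import json

NO_CREDENTIALS = "No_Content_Credentials_Found"   # literal body shown above
ACTIVE, INGREDIENT = "Valid (Active)", "Valid (Ingredient)"

def decide(body):
    """Return (decision, manifest IDs needing attention); fails closed."""
    text = body.strip().strip('"')
    if text == NO_CREDENTIALS:
        return ("no_provenance", [])
    try:
        manifests = json.loads(text)
    except ValueError:                     # not JSON, e.g. a proxy error page
        return ("error", [])
    if not isinstance(manifests, list) or not manifests:
        return ("error", [])
    active, failed = [], []
    for m in manifests:
        if not isinstance(m, dict):
            return ("error", [])
        status = m.get("Verification Status")
        mid = m.get("Manifest ID", "<missing id>")
        if status == ACTIVE:
            active.append(mid)
        elif status != INGREDIENT:         # "Not Validated", unknown or missing
            failed.append(mid)
    if failed:                             # one bad manifest taints the chain
        return ("review", failed)
    if len(active) != 1:                   # assumption: one active manifest per asset
        return ("review", active)
    return ("accept", [])

def entry(manifest_id, status):
    return {"Manifest ID": manifest_id, "Issuer DN": "C2PA Test Signing Cert",
            "Algorithm": "Ps256", "Verification Status": status}

# Constructed sample bodies, shortened from the responses above.
MIXED = json.dumps([
    entry("contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b", "Not Validated"),
    entry("contentauth:urn:uuid:40f2636a-402c-4792-9da4-644a63d1f7d0", ACTIVE),
])
ALL_VALID = json.dumps([
    entry("contentauth:urn:uuid:a7afe477-69de-403b-912c-ba62c1f6bf23", ACTIVE),
    entry("contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b", INGREDIENT),
])

if __name__ == "__main__":
    for name, body in [("none", NO_CREDENTIALS), ("mixed", MIXED), ("valid", ALL_VALID)]:
        print(name, decide(body))
```

The mixed case is the one to watch: an integration that only looks for a "Valid (Active)" entry would accept a file whose earlier manifest failed validation.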

Final Thoughts

Media trust is becoming a foundational layer of digital communication. With C2PA and Khatim Verification Server, businesses can move beyond guesswork and watermarking to cryptographically verifiable truth. This enables secure journalism, credible branding, regulatory compliance, and ultimately a safer digital ecosystem.

✅ Explore more about the standard: C2PA | Providing Origins of Media Content
✅ Ready to bring trust to your images and videos?

Get in touch to learn more about integrating C2PA verification in your business.
