WebP Content Provenance
Sign, embed, and verify C2PA manifests in WebP files (.webp)
What Is WebP Provenance?
Modern web image format developed by Google, offering superior compression. WebP provenance covers the growing share of web images served in this format.
With Encypher, WebP files carry their own cryptographic proof of origin. A C2PA manifest is embedded directly into the file, recording who created it, when, and whether it has been modified. Anyone can verify a signed WebP file for free, without authentication.
How C2PA Manifests Are Embedded in WebP Files
- MIME Type
- image/webp
- File Extensions
- .webp
- Embedding Method
- JUMBF data stored in a RIFF-based WebP container chunk
- Container Type
- JUMBF (RIFF)
- Verification Pipeline
- c2pa-python (native C2PA library support)
The C2PA manifest contains a JUMBF (JPEG Universal Metadata Box Format) store with COSE-signed claims. For WebP files, the manifest is stored using jumbf data stored in a riff-based webp container chunk. The signing process does not alter the image content itself. The manifest is metadata, not a modification of the pixels.
Use Cases for WebP Provenance
- Web publishing
- CMS-delivered images
- Performance-optimized sites
- CDN-served content
How to Sign WebP Content with Encypher
WebP signing is available at the Enterprise tier through the unified /sign/media API endpoint. Upload your WebP file, and the API returns a signed copy with an embedded C2PA manifest.
curl -X POST https://api.encypher.com/api/v1/sign/media \ -H "Authorization: Bearer YOUR_API_KEY" \ -F "file=@example.webp" \ -F "title=My WebP Content" \ -F "action=c2pa.created" \ -o signed.webp
Verify WebP Provenance (Free)
Verification is free and requires no authentication. Any third party can verify a signed WebP file to confirm its origin, check for tampering, and read the embedded rights information.