C2paSigningSettings interface

Configures C2PA (Content Provenance and Authenticity) signing of CMAF or MoQ output segments. When set on an output, every init segment and media segment is signed in-process before being delivered to its destination.

Signature:

export interface C2paSigningSettings

Properties

Property Type Description

Property	Type	Description
alg	string	Signing algorithm. Must match the supplied certificate. One of: "ps256", "ps384", "ps512", "es256", "es384", "es512", "ed25519".
chainOfTrust?	boolean	(Optional) When `true`, this signer operates in derived mode: every output segment is expected to be derived from a C2PA-verified input segment, and each output segment carries a `parentOf` C2PA ingredient referencing the upstream manifest. When the upstream input has no verified parent for a given segment (verification not configured, verification failed, or warm-up gap), the segment is signed unchained and a `c2pa_chain_dropped` notification fires on the SDK’s NorskSettings.onNotification stream so the gap is observable. When `false` (default), this is a root signer: it signs whatever it’s given, no chain-of-trust expectation, no notification on missing parent. Use `false` on an output whose input is unsigned; use `true` on an output downstream of a C2PA-verifying ingest.
privateKeyPath	string	Path to a PEM-encoded private key file readable by the Norsk Media process. Not the key contents.
scheme?	C2paScheme	(Optional) Selects which C2PA live-video signing method to use. Defaults to `"segmentManifestBox"` (§19.3) for backwards compatibility. - `"segmentManifestBox"`: Per-segment C2PA Manifest Box embedded in a `uuid` box on every signed media segment. Continuity tracked via a `c2pa.livevideo.segment` assertion. Larger per-segment overhead. - `"verifiableSegmentInfo"`: §19.4. The C2PA Manifest is carried only on the init segment (with a `c2pa.session-keys` assertion binding an Ed25519 session key to the manifest signer); each media segment is prepended with a small COSE_Sign1 `emsg` box signed by the session key. Per-segment overhead is much smaller than §19.3. Per-segment chain-of-trust (the flag) is only supported under `"segmentManifestBox"` — §19.4 segments carry no per-segment manifest. Combining `chainOfTrust: true` with `scheme: "verifiableSegmentInfo"` is rejected at config time.
signCertPath	string	Path to a PEM-encoded signing certificate file readable by the Norsk Media process. Not the certificate contents.
streamId	string	Identifier embedded in every signed segment’s c2pa.livevideo.segment assertion. Should be unique per logical stream so downstream validators can correlate the sequence chain.
taUrl?	string	(Optional) Optional Time Authority URL for timestamping signatures. If omitted, the C2PA_TA_URL environment variable is consulted, and if also unset, the manifest is signed without a timestamp token.
validityPeriodSecs?	number	(Optional) Validity window (in seconds) advertised in the §19.4 `c2pa.session-keys` assertion. Ignored when `scheme` is `"segmentManifestBox"`. Defaults to 86400 (24 hours).

alg

string

Signing algorithm. Must match the supplied certificate. One of: "ps256", "ps384", "ps512", "es256", "es384", "es512", "ed25519".

chainOfTrust?

boolean

(Optional) When true, this signer operates in derived mode: every output segment is expected to be derived from a C2PA-verified input segment, and each output segment carries a parentOf C2PA ingredient referencing the upstream manifest. When the upstream input has no verified parent for a given segment (verification not configured, verification failed, or warm-up gap), the segment is signed unchained and a c2pa_chain_dropped notification fires on the SDK’s NorskSettings.onNotification stream so the gap is observable.

When false (default), this is a root signer: it signs whatever it’s given, no chain-of-trust expectation, no notification on missing parent. Use false on an output whose input is unsigned; use true on an output downstream of a C2PA-verifying ingest.

privateKeyPath

string

Path to a PEM-encoded private key file readable by the Norsk Media process. Not the key contents.

scheme?

C2paScheme

(Optional) Selects which C2PA live-video signing method to use. Defaults to "segmentManifestBox" (§19.3) for backwards compatibility.

- "segmentManifestBox": Per-segment C2PA Manifest Box embedded in a uuid box on every signed media segment. Continuity tracked via a c2pa.livevideo.segment assertion. Larger per-segment overhead.

- "verifiableSegmentInfo": §19.4. The C2PA Manifest is carried only on the init segment (with a c2pa.session-keys assertion binding an Ed25519 session key to the manifest signer); each media segment is prepended with a small COSE_Sign1 emsg box signed by the session key. Per-segment overhead is much smaller than §19.3.

Per-segment chain-of-trust (the flag) is only supported under "segmentManifestBox" — §19.4 segments carry no per-segment manifest. Combining chainOfTrust: true with scheme: "verifiableSegmentInfo" is rejected at config time.

signCertPath

string

Path to a PEM-encoded signing certificate file readable by the Norsk Media process. Not the certificate contents.

streamId

string

Identifier embedded in every signed segment’s c2pa.livevideo.segment assertion. Should be unique per logical stream so downstream validators can correlate the sequence chain.

taUrl?

string

(Optional) Optional Time Authority URL for timestamping signatures. If omitted, the C2PA_TA_URL environment variable is consulted, and if also unset, the manifest is signed without a timestamp token.

validityPeriodSecs?

number

(Optional) Validity window (in seconds) advertised in the §19.4 c2pa.session-keys assertion. Ignored when scheme is "segmentManifestBox". Defaults to 86400 (24 hours).