Prerequisites
Rust
This sample code is tested with Rust version 1.89.0.
C2PA tool
Follow this link to install the C2PA tool.
The sample code given in this document works with C2PA tool version 0.9.4. If Rust is installed on your system, run either of the following commands from your default directory to install the C2PA tool.
cargo install c2patool --version 0.9.4 --force
or
cargo install c2patool --version 0.9.4
DigiCert ONE account
DigiCert ONE account with access to the Content Trust Manager (currently available on the demo environment).
User certificate
Contact the DigiCert® team to request an image signing user certificate. Visit Content Trust > Certificates on the demo environment to view your certificate credential details. You are not required to verify your identity to get a user certificate.
You use your user certificate to authenticate your identity while making calls to image signing APIs. The identity of the client is authenticated using the client authentication certificate.
Client authentication certificate
To create a client authentication certificate:
Sign in to DigiCert ONE.
In the top-right corner, select the profile icon > Admin profile > Client authentication certificates.
Select Create client authentication certificate.
Provide the following information:
Nickname
This name is the display name on the Admin details page in the Authentication certificates section. The name must be unique and only include letters, numbers, spaces, dashes, and underscores.
End date
Enter the certificate expiration date.
Note when the authentication certificate expires. You must generate a new certificate and update all API integrations using the certificate before it expires. If you don't, the API token integration will stop working.
Encryption
Select an encryption algorithm to use for securing communications. DigiCert recommends AES (Advanced Encryption Standard), which is the default selection.
Signature hash algorithm
Select a hash function to use for verifying data integrity. DigiCert recommends SHA-256, which is the default selection.
Select Generate certificate.
Copy the certificate's password and store it in a secure location. You will need it later when installing the certificate or using it in your certificate request; it is required for installation and API requests. You will not be able to retrieve it later.
Select Download certificate. You cannot download it again. If lost, you must generate a new certificate.
Remember the file path to your client authentication certificate; you will need to reference it later.
Select Close.
PIN
Once your user certificate is created, you will receive an email with the subject line "Sign with your digital ID". This email includes the PIN associated with your user certificate. Keep this email safe so that you can easily retrieve the PIN when signing images.
Credential ID
Your credential ID is the nickname of your user certificate in Content Trust Manager. Copy the user certificate nickname and use it in your request body.
To copy your credential ID:
In the Content Trust menu, select Certificates.
Hover your cursor over the certificate nickname.
Select the Copy icon.
Certificate chain
The certificate chain you download contains the certificate chain, intermediate certificate, and root values.
To download the certificate chain:
In the Content Trust menu, select Certificates > User certificates.
Select the credential nickname with which you want to sign.
On the Credential details page, navigate to Certificate details.
Select Download certificate chain to download the certificate chain, intermediate certificate, and root.
Open the downloaded certificate chain (chain.pem file) in a text editor such as Notepad++ and save the file.
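A structural check you can run on chain.pem after saving it, given here as an added example and not part of DigiCert's sample code: it counts the PEM certificate blocks and reports a byte-order mark, unbalanced BEGIN/END markers, or non-base64 characters, any of which an editor save can introduce. The function name check_chain_pem and the SAMPLE data are hypothetical and constructed for illustration; the check does not validate the certificates themselves.

```rust
// Added example: structural check of a PEM certificate chain file (std only).
// `check_chain_pem` and SAMPLE are hypothetical names used for illustration.
const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";
// Constructed sample: placeholder base64, not real certificates.
const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n\
-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n";

/// Returns the number of certificate blocks, or the first structural problem found.
pub fn check_chain_pem(text: &str) -> Result<usize, String> {
    if text.starts_with('\u{feff}') {
        return Err("file starts with a UTF-8 byte-order mark".into());
    }
    let (mut count, mut inside, mut body_len) = (0usize, false, 0usize);
    for (i, raw) in text.lines().enumerate() {
        let line = raw.trim_end(); // tolerate CRLF endings and trailing spaces
        let n = i + 1;
        if line == BEGIN {
            if inside { return Err(format!("line {n}: BEGIN inside an open block")); }
            inside = true;
            body_len = 0;
        } else if line == END {
            if !inside { return Err(format!("line {n}: END without BEGIN")); }
            if body_len == 0 { return Err(format!("line {n}: empty certificate block")); }
            inside = false;
            count += 1;
        } else if inside {
            // Text outside blocks is ignored; inside a block only base64 is allowed.
            let ok = line.chars().all(|c| c.is_ascii_alphanumeric() || "+/=".contains(c));
            if !ok { return Err(format!("line {n}: non-base64 character in block")); }
            body_len += line.len();
        }
    }
    if inside { return Err("last certificate block has no END line".into()); }
    if count == 0 { return Err("no certificate blocks found".into()); }
    Ok(count)
}

fn main() {
    // With no argument, the constructed SAMPLE is checked instead of a real file.
    let text = match std::env::args().nth(1) {
        Some(path) => std::fs::read_to_string(path).expect("cannot read file"),
        None => SAMPLE.to_string(),
    };
    match check_chain_pem(&text) {
        Ok(n) => println!("{n} certificate block(s), structure OK"),
        Err(e) => { eprintln!("problem: {e}"); std::process::exit(1); }
    }
}
```

Pass the path to your chain.pem as the first argument; a non-zero exit status means the file should be downloaded again before it is used for signing.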