C2PA Setup Guide: Turning On Content Credentials on Your Camera or Phone

2026-05-07

[read_meter]

C2PA is an open standard that lets a camera or phone sign an image at the moment of capture, embedding a cryptographic record of where the photo came from. Anyone can later verify that record without trusting the platform showing them the image, the publisher posting it, or the device that captured it.

C2PA matters to us at Brevis because it’s the trust anchor our Vera tool builds on. Vera takes a C2PA-signed photo, lets you apply edits like cropping, exposure, and color adjustments, and generates a zero-knowledge proof that the published image traces back to the original capture with every transformation accounted for. We laid out the broader thinking in our Vera launch post back in March.

Cameras

Leica

Leica shipped the first C2PA camera in 2023 and uses a dedicated secure chipset for signing. Each body’s certificate is provisioned at the factory, so there’s no user-side certificate workflow.

Supported: M11-P, M11-D, SL3-S, Q3 family (via the December 2025 firmware update).
Not supported: the original SL3 (Leica explicitly excluded firmware-only solutions on security grounds).
How to enable: Menu → scroll to Sign Content (sometimes labeled Content Credentials) → toggle on. A small Content Credentials icon appears in the live view when active.
Cost: included, no subscription.
More detail: Leica’s official Content Credentials page

Sony

Sony added C2PA via firmware to its current Alpha lineup, with provisioning handled through the Sony Creators’ App on a paired phone.

Supported (stills): Alpha 1, Alpha 1 II, Alpha 9 III, Alpha 7 IV, Alpha 7S III, Alpha 7R V (firmware v3.0+ on most bodies). Cinema bodies including FX3, FX3A, FX30, and PXW-Z300 received video C2PA in late 2025.
How to enable:
1. Update camera firmware via Sony Support. The Content Credentials menu only appears after the minimum firmware is installed.
2. Install the Sony Creators’ App on your phone, sign in with a Sony account, pair via Bluetooth, and follow the in-app prompts to provision a signing certificate.
3. On the camera: Setup → Content Credentials → On.
4. Test by uploading a capture to contentcredentials.org/verify and confirming the credential is valid.
Cost: free.
Detailed walkthrough: c2pa.ai Sony guide

Nikon

Only one Nikon body currently supports consumer C2PA capture.

Supported: Nikon Z6III (firmware 2.00, August 2025).
Not supported as of May 2026: Z9, Z8, Zf. None of the spring 2026 firmware updates added it.
How to enable:
1. Apply for Nikon Authenticity Service at imagingcloud.nikon.com.
2. Update camera to firmware 2.00 or later via the Nikon Download Center.
3. Connect the Z6III to Nikon Imaging Cloud through the camera’s Network menu.
4. Setup menu → C2PA/Content Credentials → On.
Worth knowing: certificate regeneration is capped at 10 per camera body, so think twice before resetting settings.
Reference: Nikon Z6III online manual page on C2PA

Smartphones

Google Pixel 9 and Pixel 10

The cleanest mobile path right now. Every photo taken with the native Pixel Camera app is signed by default. No toggle, no setup, no account. The Pixel 10 uses Tensor G5 + Titan M2 hardware and reached Assurance Level 2, the highest tier currently defined by the C2PA Conformance Program.

How to enable: open the camera and shoot. The signing happens automatically.
Cost: free, included with the device.
More detail: Google’s announcement

Samsung Galaxy S25 series

Samsung’s implementation runs in two layers. The Snapdragon 8 Elite’s secure processing unit signs native camera captures in the background, and Samsung’s AI editing tools (Generative Edit, Sketch to Image, Portrait Studio, Drawing Assist) attach an explicit visible C2PA badge to AI-edited images, viewable in the Samsung Gallery app.

How to enable: native-camera signing is automatic. AI-edit credentials trigger when you use the Galaxy AI editing tools.
More detail: Galaxy S25 Content Credentials overview

Once your photo is signed: try Vera

The whole point of capture-signing is being able to prove what happened to the photo afterwards. That’s the gap Vera closes. Drop a Content-Credentials-signed image into the demo, apply a few transformations, and Vera generates a zero-knowledge proof that ties the final published image to the original signed capture, with every edit accounted for. Anyone can verify the proof in their browser.

If you want the longer story on the why and how, our Vera launch post walks through the broader thinking and what’s coming next.

About Brevis

Brevis is a verifiable computing platform powered by zero-knowledge proofs, serving as the infinite compute layer for Web3. Applications can offload expensive computations off-chain while proving every result on-chain. The Brevis stack includes Pico zkVM for general-purpose computation, the ZK Data Coprocessor for trustless access to historical blockchain data, Pico Prism for real-time Ethereum block proving (99.8% coverage on 16 GPUs, hitting the Ethereum Foundation’s $100K hardware target), Vera for ZK-proven media authenticity, and ProverNet, the decentralized marketplace for ZK proof generation now running on mainnet. To date, Brevis has generated 340M+ proofs across 50+ protocols on 8+ blockchains.