This repository has been archived by the owner on Dec 11, 2024. It is now read-only.

x_509.md

Creating and using an X.509 certificate

You can test creating your own manifests using the pre-built certificates in the sample folder. To use your own generated certificates, specify the path to the cert files in the following manifest fields:

  • private_key
  • sign_cert

If you are using a signing algorithm other than the default es256, specify it in the manifest definition field alg with one of the following values:

  • ps256
  • ps384
  • ps512
  • es256
  • es384
  • es512
  • ed25519

The specified algorithm must be compatible with the values of private_key and sign_cert.

You can put the values of the key and cert chain in two environment variables: C2PA_PRIVATE_KEY (for the private key) and C2PA_SIGN_CERT (for the public certificates). For example, to sign with ES256 signatures using the content of a private key file and certificate file:

export C2PA_PRIVATE_KEY="$(cat my_es256_private_key)"
export C2PA_SIGN_CERT="$(cat my_es256_certs)"

Both the private_key and sign_cert must be in PEM format. The sign_cert must contain a PEM certificate chain that starts with the end-entity certificate used to sign the claim and ends with the intermediate certificate before the root CA certificate. See the sample folder for example certificates.
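
A pre-flight check for the chain order described above, as an added example that is not part of the c2patool project. It uses only the Python standard library. The function names are hypothetical, names are compared byte-for-byte (an assumption, simpler than full X.509 name matching), signatures are not verified, and `sample_cert` builds constructed, unsigned stand-ins rather than real certificates.

```python
import base64, re

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(cert_der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)     # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                         # skip optional [0] version
        pos = end
    fields = []
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        end = read_tlv(cert_der, pos)[2]
        fields.append(cert_der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(pem_text):
    """Return a list of ordering problems found in a sign_cert PEM chain."""
    ders = [base64.b64decode(b) for b in PEM_CERT.findall(pem_text)]
    if not ders:
        return ["no PEM certificates found"]
    names = [issuer_subject(d) for d in ders]
    problems = []
    for i, (issuer, subject) in enumerate(names):
        if issuer == subject:               # root CA or self-signed certificate
            problems.append(f"cert {i}: self-issued; the chain must stop before the root CA")
        if i + 1 < len(names) and issuer != names[i + 1][1]:
            problems.append(f"cert {i}: issuer is not the subject of cert {i + 1}")
    return problems

def enc(tag, body):  # DER element, short-form length only (sample data is tiny)
    return bytes([tag, len(body)]) + body

def sample_cert(subject, issuer):
    """Constructed, unsigned stand-in that follows the tbsCertificate field order."""
    name = lambda cn: enc(0x30, enc(0x0C, cn.encode()))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
              + name(issuer) + enc(0x30, b"") + name(subject))
    body = base64.encodebytes(enc(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
```

An empty list from `check_chain` means the file is ordered end-entity first with no self-issued certificate in it; it says nothing about whether the key, the certificate and `alg` are compatible.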