C2PA

C2PA Content Credentials: What They Are, Who Embeds Them, How to Remove Them

Q: What is JUMBF?

JUMBF (JPEG Universal Metadata Box Format) is the container format used to embed C2PA data in JPEG files. It lives in the APP11 marker, identified by byte sequence FF EB. Inside JUMBF are Content Blocks (cb) that contain assertions about the image origin, signing certificates, and provenance claims.

Q: Can C2PA data be removed without affecting image quality?

Yes. C2PA data is stored in separate binary segments from the image pixels. StripShot removes C2PA JUMBF blocks from JPEG and caBX/caMs/caSt chunks from PNG without touching pixel data. Zero quality loss.

Q: Does removing C2PA break digital signatures?

The C2PA signature validates the chain of custody. Removing the C2PA block removes the signature with it. The image can no longer be verified as coming from that AI tool. This is the intended effect of removal.

Q: Will removing C2PA affect image metadata more broadly?

No. C2PA lives in dedicated segments separate from EXIF, XMP, and IPTC. Removing C2PA does not affect other metadata. StripShot can remove C2PA alone or in combination with other metadata types.

Published April 2026

C2PA Content Credentials are the reason your Adobe Firefly images get labeled "Made with AI" on Instagram and Facebook. They are not hidden. They are a deliberately designed standard for declaring AI-generated content. Understanding how they work makes removing them straightforward.

What C2PA actually is

C2PA (Coalition for Content Provenance and Authenticity) is a technical standard created by a consortium that includes Adobe, Microsoft, Intel, Arm, BBC, Sony, and Truepic. The goal is to create a verifiable chain of custody for digital media: you should be able to trace where an image came from, who edited it, and whether AI was involved.

When an AI tool embeds C2PA credentials, it creates a signed manifest containing assertions about the image. These assertions include the generating software, the type of creation (AI-generated vs. edited), the timestamp, and a hash of the original image data. The manifest is signed with a cryptographic certificate so it cannot be tampered with after creation.

Platforms like Instagram, Facebook, and LinkedIn are C2PA members. They read this manifest and surface its contents as the "Made with AI" label.

Where C2PA data lives in files

JPEG file structure:

FF D8 FF E0

APP0 (JFIF marker)

FF E1 ...

APP1 (EXIF data)

FF EB ...

APP11 (C2PA JUMBF block) <-- this is what StripShot removes

Contains: caBX, caMs, caSt content blocks

FF DA ...

SOS (image data - never touched)

For PNG files, C2PA lives in dedicated chunks with type codes caBX (Content Authenticity Box), caMs (CA Manifest), and caSt (CA Store). These chunks appear in the PNG chunk sequence before the IEND chunk.

Which tools embed C2PA

Adobe Firefly

JPEG APP11 (JUMBF) + PNG caBX/caMs/caSt

Always embedded. Cannot be disabled in standard Firefly exports.

Adobe Photoshop Generative Fill

JPEG APP11 (JUMBF)

Embedded when using AI generation features. Standard edits may not include C2PA.

DALL-E (ChatGPT)

JPEG APP11 (JUMBF) in newer exports

Embedding varies by export path. Downloaded images from ChatGPT may include C2PA.

Microsoft Copilot Designer

JPEG APP11 (JUMBF)

C2PA embedded by default. Microsoft is a founding C2PA member.

Stable Diffusion / ComfyUI / Automatic1111

Typically not C2PA

SD does not embed C2PA. It embeds generation parameters in PNG text chunks and EXIF, which require separate removal.

Midjourney

Typically not C2PA

Midjourney embeds prompts and seeds in EXIF but does not currently embed C2PA credentials.

Flux

Varies by export path

ComfyUI-based Flux exports may include workflow data but not standard C2PA credentials.

How StripShot removes C2PA

StripShot reads the raw binary stream of your file. For JPEG, it walks the APP marker chain and removes the APP11 (0xFF 0xEB) block entirely. For PNG, it reads the chunk sequence and excludes caBX, caMs, and caSt chunks from the output. The image data (JPEG SOS, PNG IDAT) is never modified.

The result: the signed C2PA manifest is gone. No tool can verify it because there is nothing to verify. Instagram has no C2PA data to read. The label does not appear.

Remove C2PA credentials from your images

Binary-level C2PA removal. JUMBF and PNG chunk stripping. Zero quality loss. Free.

Open StripShot Full C2PA guide

FAQ

What is C2PA?

C2PA (Coalition for Content Provenance and Authenticity) is an open technical standard for embedding signed provenance metadata into media files. It was developed by Adobe, Microsoft, Intel, Arm, BBC, and others to track the origin and history of digital content. When an AI tool embeds C2PA credentials, it signs a digital certificate declaring the image as AI-generated.

What is JUMBF?

JUMBF (JPEG Universal Metadata Box Format) is the container format used to embed C2PA data in JPEG files. It lives in the APP11 marker, identified by byte sequence FF EB. Inside JUMBF are Content Blocks (cb) that contain assertions about the image origin, signing certificates, and provenance claims.

Can C2PA data be removed without affecting image quality?

Yes. C2PA data is stored in separate binary segments from the image pixels. StripShot removes C2PA JUMBF blocks from JPEG and caBX/caMs/caSt chunks from PNG without touching pixel data. Zero quality loss.

Does removing C2PA break digital signatures?

The C2PA signature validates the chain of custody. Removing the C2PA block removes the signature with it. The image can no longer be verified as coming from that AI tool. This is the intended effect of removal.

Will removing C2PA affect image metadata more broadly?

No. C2PA lives in dedicated segments separate from EXIF, XMP, and IPTC. Removing C2PA does not affect other metadata. StripShot can remove C2PA alone or in combination with other metadata types.

Related guides

C2PA Guide

C2PA Removal Step-by-Step

Firefly

Remove Firefly Metadata

Tool

C2PA Checker

Instagram

Remove Instagram AI Label