Introduction
Tauth is a self-hosted C2PA media provenance platform. It lets you attach signed provenance data to images, videos, and documents and anchor those signatures on-chain so anyone can verify them on their own.
What problem does it solve?
In an era of generative AI, knowing who created a file, when, and with what tool is increasingly critical. Tauth answers these questions by:
- Embedding a C2PA manifest directly into the file's binary (JUMBF format for images).
- Signing the manifest with an ES384 key stored in Azure Key Vault. The private key is never exported.
- Writing the file hash to Ethereum so the signature can be re-verified years later even without access to Tauth.
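The sign-then-anchor flow in the list above, as an added example that is not Tauth's code or SDK: it shows which checks a verifier can run with only the file, the manifest, the public key, and the anchored hash. The names `signAsset`, `verifyAsset`, and `registry` are hypothetical. Assumptions: a locally generated P-384 key stands in for the Key Vault key, a `Set` stands in for the on-chain registry, and a JSON claim with a SHA-256 file digest stands in for a real C2PA (JUMBF/COSE) manifest.

```javascript
// Added example: simplified model, not Tauth code and not a real C2PA manifest.
const crypto = require('crypto');

// Constructed stand-in for the Key Vault key: a local P-384 pair for this demo.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });

// Constructed stand-in for the on-chain registry: a set of hex file digests.
const registry = new Set();

// Assumption: SHA-256 as the anchored file digest (the page does not name one).
const digest = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

function signAsset(fileBytes, claim) {
  const fileHash = digest(fileBytes);
  // Bind the claim to the file by putting the file hash inside the signed bytes.
  const payload = Buffer.from(JSON.stringify({ ...claim, fileHash }));
  // ES384 = ECDSA on P-384 with SHA-384; ieee-p1363 yields the fixed 96-byte r||s form.
  const signature = crypto.sign('sha384', payload, { key: privateKey, dsaEncoding: 'ieee-p1363' });
  registry.add(fileHash); // "anchor" the hash
  return { payload, signature };
}

function verifyAsset(fileBytes, manifest, pubKey, anchored) {
  const fileHash = digest(fileBytes);
  const signatureValid = crypto.verify('sha384', manifest.payload,
    { key: pubKey, dsaEncoding: 'ieee-p1363' }, manifest.signature);
  let claimed = null;
  try {
    claimed = JSON.parse(manifest.payload.toString()).fileHash;
  } catch {
    // Malformed payload: leave claimed as null so the hash check fails.
  }
  return {
    signatureValid,                            // manifest bytes unchanged since signing
    hashMatchesManifest: claimed === fileHash, // manifest belongs to this exact file
    anchored: anchored.has(fileHash),          // file hash is present in the registry
  };
}
```

All three results must be true to accept a file: a valid signature alone only proves the manifest is intact, not that it belongs to the bytes being checked.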
Architecture overview
```
Browser / API client
        │
        ▼
FastAPI backend (port 8003)
  ├── /auth/*        JWT + refresh tokens
  ├── /v1/media/*    upload / sign / verify
  └── /org/*         users, API keys
        │
        ├── Azure Key Vault (ES384 signing)
        ├── PostgreSQL (assets, users, orgs)
        └── Ethereum Sepolia (on-chain registry)

PKI services
  ├── crl.tauth.io   nginx serving /var/www/crl/{leaf,sub-ca}.crl
  └── ocsp.tauth.io  FastAPI OCSP responder (port 8080)
```
Key standards
| Standard | Usage |
|---|---|
| C2PA 1.3 | Manifest format embedded in media files |
| RFC 6960 | OCSP protocol for real-time cert status |
| RFC 5280 | X.509 PKI and CRL format |
| ES384 (ECDSA P-384) | Signing algorithm for all keys |
Next steps
- Quickstart: run the stack locally in 5 minutes
- Python SDK: integrate in your Python application
- JavaScript SDK: integrate in your JS/TS application