What Trust Systems Does

Trust Systems lets you attach your identity to your artwork so anyone can verify it came from you. Seal means signed by this app: when you seal an image, Trust Systems embeds a signed C2PA manifest. An artwork can also be signed by any C2PA-compliant app; Seal specifically means done by Trust Systems. The manifest includes your name, title, and optionally a link to a physical NFC tag. The manifest travels with the file and cannot be removed without breaking the signature.

You can also write NFC tags (NTAG 424 DNA) so that when someone taps a tag on your artwork, their phone opens a verification URL with secure proof that the tap is authentic. The tag links the physical object to the sealed digital asset.

The underlying standard is C2PA (Coalition for Content Provenance and Authenticity). Sealed images can be verified by other C2PA tools and by this app’s Inspector.

Images live on your file system; the app stores metadata and links, not copies. Moving or deleting files outside the app can break those links.

Full Artist Workflow

Recommended order of operations for a complete artwork with physical tag:

1. Unlock the vault — Enter your master password. The vault stores identities, drafts, and tag records locally and encrypted.
2. Create an identity — In Identity, create a profile (name, organization, country). Set it active. You need at least one identity before sealing.
3. Bind a tag (optional) — In Tags, hold a factory-default NFC tag on the reader, click + Scan Tag or Rescan, then Bind Tag. This personalizes the tag with your verification URL and SDM. Skip if you already have a bound tag.
4. Add artwork — In Artworks, click + Add Artwork and select an image. Or go to Seal and drop/browse for an image, then Save as Draft.
5. Seal artwork — In Seal, load the artwork, fill Title and Author. Optionally select a tag to embed the physical link in the signed manifest. Click Seal Artwork. A signed copy (e.g. filename_charmed.jpg) is saved next to the original.
6. Update tag — After sealing with a tag, go to Tags, select that tag, and click Update Tag. Hold the tag on the reader. This writes the verification URL, IPFS CID, and manifest ID to the NFC chip so that tapping the tag opens a verifiable link to your artwork.
7. Verify — In Inspector, open a sealed image to confirm provenance, signer, and vault correlation.
8. Transfer (optional) — After verifying, you can transfer ownership to a trusted contact. The new owner is recorded in the manifest.

You can seal without a tag (digital-only) or bind/write tags without sealing (e.g. to prepare tags in advance). The workflow above is for the full physical + digital path.

Linking a Tag to an Artwork

There are two ways to connect an artwork and a tag. Each has a different effect on provenance strength.

Option 1: Link at seal time (strongest). When you seal an artwork, select a tag in the Tag dropdown. The physical link is embedded directly in the signed manifest inside the image file. Any C2PA verifier — this app, Adobe Content Credentials, or others — can see the connection between your artwork and tag. After sealing, go to Tags and click Update Tag to update the NFC chip with the artwork details.

Option 2: Link after sealing. In Tags, select an enrolled tag and use Link Artwork to assign a sealed artwork. This updates the NFC chip immediately so tapping the tag opens a link to your artwork. However, because the image was already sealed, the physical anchor is not inside the signed manifest. Trust Systems' Inspector will still show the link (from your vault records), but external C2PA verifiers will not.

For the strongest provenance — where the physical tag and digital artwork are cryptographically bound together in the manifest — use Option 1. Use Option 2 when you've already sealed and want to connect a tag afterward without re-sealing.

Where Things Are

The sidebar has seven items:

• Artworks — Your vault of artwork records. Each card is a draft or certified piece. Click to load into Seal.
• Seal — The sealing workflow. Drop or browse for an image, fill metadata, optionally select a tag, then Seal Artwork.
• Tags — Manage NFC tags. Rescan to detect a tag, Bind Tag for new tags, Link Artwork to assign and write an artwork to the chip, Update Tag to update NDEF. Release Tag to give up control.
• Inspector — Verify sealed images. See manifest, timeline, IPFS CID, and vault correlation.
• Contacts — Import public certificates from people you trust. Required for transfers.
• Identity — Manage creator profiles, set active identity, export certs, back up keys, charm.farm integration.
• Help — This page.

At the bottom: Lock Vault clears the session.

Terms

Vault

Encrypted local storage for your identities, drafts, and artwork records. Protected by your master password.

Seal

Signed by Trust Systems. A sealed file is one that this app signed. An artwork can be signed by any C2PA-compliant app; Seal means done by Trust Systems specifically. The sealed file is a new copy; the original is unchanged.

Charmed

Sealed with a charm.farm identity. When you seal using a charm.farm profile, the output gets a _charmed suffix (e.g. filename_charmed.jpg). The Inspector shows a charm.farm badge for charmed assets.

Identity / Profile

A creator profile with name, organization, and country. Each profile has a private key and optional certificate chain used for signing.

Active identity

The profile currently used for sealing and transfers. Shown in Identity and indicated in the profile selector.

charm.farm

A verification service. You can generate a CSR (Certificate Signing Request) and submit it for approval. Once approved, you import the signed chain to upgrade your profile to charm.farm trusted.

Tag

An NFC tag (NTAG 424 DNA) bound to your identity. Can be linked to an artwork at seal time (embedded in the manifest) or afterward via Link Artwork (vault and NFC only).

Bind Tag

To personalize a factory-default tag with your verification URL and SDM. Makes the tag yours.

Link Artwork

To assign a sealed artwork to an enrolled tag after sealing. Updates the vault and writes the NFC chip, but does not change the signed manifest in the image file.

Update Tag

To write NDEF content to a tag. When the tag is linked to an artwork, the verification URL includes the artwork's IPFS CID and manifest ID. Required after sealing with a tag to update the NFC chip.

Release Tag

To give up control of a tag. Clears identity and artwork link. Someone else can Claim it.

Manifest

The signed record embedded in the image. Contains claims about authorship, actions, and optional physical anchor.

Verify

To check that a sealed image's manifest is valid and to view its provenance. Inspector performs verification.

Transfer

To record a change of ownership. The new owner is added to the manifest. Only possible to trusted contacts.

Match / Orphan

After verification: Match means the image corresponds to a vault record; Orphan means the signature is valid but no local record was found.

Artworks (Vault)

Cards show drafts and certified pieces with title, author, and status. The vault stores metadata and paths; files stay on disk. Click a card to load into Seal. Certified items have a manifest ID and IPFS CID (when sealed). Removing deletes only the record, not the file.

Seal

Drop or browse for an image. Fill Title and Author. Tag is optional — select a bound tag to embed the physical link directly in the signed manifest. This is the strongest way to connect your artwork and tag. Save as Draft stores without sealing. Seal Artwork creates a signed copy next to the original (e.g. filename_charmed.jpg for charm.farm identities). After sealing with a tag, go to Tags and click Update Tag to update the NFC chip.

If you seal without selecting a tag, you can still link one later from the Tags page using Link Artwork. See "Linking a Tag to an Artwork" above for the difference between these two approaches.

Tags

Manage NFC tags (NTAG 424 DNA). Hold a tag on the reader and click Rescan to detect it. For factory-default tags: set the verification URL (defaults to charm.farm/tap), then Bind Tag to personalize. For tags you control: Link Artwork assigns a sealed artwork and writes the NFC chip in one step. If already linked to an artwork, Update Tag updates the NFC chip with the artwork's CID and manifest ID. Release Tag gives up control and clears the artwork link. Claim Tag takes a released tag for your identity.

Inspector

Drop or browse for a sealed image. The Inspector validates the manifest and shows a timeline (created, published, transferred). Status pills show C2PA validation (Success, Untrusted, Failure) and vault correlation (Match, Orphan). IPFS CID is shown when present. Transfer Asset is enabled after a successful verify.

Identity

Create profiles with name, organization, and country. The profile selector lists all; charm.farm ones are labeled (charm.farm). Use Set Active to switch. Export your public certificate to share. Export Private Key Backup saves a PEM for recovery—store securely. Under charm.farm Integration: generate a CSR, submit for approval, then import the signed chain to upgrade.