TL;DR: When you use Generative Fill in Photoshop with Content Credentials enabled, Photoshop attaches a C2PA manifest to the export — a cryptographically signed record of what tool touched the file and that Adobe Firefly generated some of the pixels. The manifest is stored as a JUMBF box: inside a JPEG it rides in one or more APP11 marker segments; inside a PNG it sits in a caBX chunk before the image data. It holds assertions (in JSON or CBOR), a claim, and a COSE signature. Opening the file in Metadata Cleaner and clicking Clean rewrites the file and removes that manifest store along with EXIF and XMP, without re-compressing the picture. What stripping the embedded manifest does not do: erase a durable Content Credential that Adobe also stored in the cloud and watermarked into the pixels, which can be recovered by lookup.
So you healed out a stray power line with Generative Fill, exported the JPEG, and figured that was the end of it. Photoshop quietly disagreed. It signed a little notarized statement saying an AI tool was here, wrapped it in cryptography, and tucked it inside your file. We think you should know it's there and be able to decide whether it travels with the image.
This post covers what Content Credentials actually are, what Generative Fill writes into the file, how to remove the embedded manifest, how to confirm it worked, and the part most write-ups skip — what removal does not reach.
What Does Photoshop Embed When You Use Generative Fill?
Content Credentials are Adobe's implementation of C2PA — the Coalition for Content Provenance and Authenticity standard — under the Adobe-led Content Authenticity Initiative. When the feature is enabled and you use a Firefly-powered tool such as Generative Fill, Photoshop attaches a signed provenance record to the file at export. For assets where the whole image is generated by Firefly, Adobe attaches Content Credentials automatically.
That record is not loose text sitting in an EXIF field. It is a structured object called a manifest, and it is built to be tamper-evident. A manifest carries three things: a set of assertions (statements such as "this was created with Adobe Photoshop" and "Adobe Firefly generative AI was used"), a claim that binds those assertions to the specific bytes of the file, and a digital signature over the claim. The assertions are encoded in JSON or CBOR, and the signature uses COSE — the same signing format used across the C2PA ecosystem, typically with an ECDSA P-256 key. The point of the signature is that anyone who later reads the file can confirm the credential hasn't been altered.
Where does all of that physically live in the file? In a JUMBF box — the JPEG Universal Metadata Box Format. The C2PA specification defines exactly how that box is carried per format. In a JPEG, the manifest store is written into APP11 marker segments; because a single JPEG marker segment maxes out at 65,535 bytes, a larger manifest is split across several contiguous APP11 segments. In a PNG, the manifest store goes in an ancillary caBX chunk, which the spec recommends placing before the IDAT image-data chunks. Either way, it is a distinct block sitting alongside your pixels, not baked into them — which is exactly why a clean rewrite of the file can remove it. (Here's our fuller explainer on what C2PA is and how it travels.)
Photo by Antonio Batinić on Pexels.
One thing worth being precise about, because a lot of advice gets it wrong: Content Credentials do not grade the size of your edit. Healing a single dust speck with Generative Fill produces the same kind of "Firefly was used" assertion as generating an entire synthetic background. The manifest records that a generative tool ran, not how much of the frame it changed. If you used Generative Fill at all on an image you exported with credentials on, the credential says so.
Are Content Credentials the Same Thing as C2PA?
Close enough that the terms get used interchangeably, but it's worth separating them. C2PA is the open technical standard — the specification that defines the manifest format, the JUMBF container, and how the box is embedded in each file type. Content Credentials is Adobe's brand name for its products built on that standard, plus the public-facing presentation: the little "Cr" icon and the human-readable history you see in Adobe's Verify tool. When Photoshop writes a credential, it is writing a C2PA manifest. When Verify reads one back, it is parsing C2PA.
This matters for removal because it tells you what you're actually deleting. Stripping "Content Credentials" from a Photoshop export means removing the C2PA manifest store from the file. It is the same removable layer we cover for AI image generators in Midjourney, DALL-E, and Stable Diffusion EXIF and in our general guide to C2PA Content Credentials removal — Photoshop just happens to be one of the most consistent tools at writing it.
How to Remove Photoshop Content Credentials
The removal itself takes a few seconds. Metadata Cleaner runs entirely inside your browser tab — the file's bytes are read into memory and written back to disk locally, never uploaded to a server, which is the same architecture behind everything else we build.
- Open Metadata Cleaner in any browser. Desktop or mobile both work; there is nothing to install and no account to create.
- Drag your exported JPEG, PNG, or TIFF into the drop zone, or tap to pick it on a phone. The file loads into the tab's memory.
- Click Clean. The tool rewrites the file and removes the C2PA manifest store — for a JPEG it drops the
APP11segments holding the JUMBF box; for a PNG it removes thecaBXchunk — along with the EXIF, XMP, and IPTC metadata blocks. The pixel data is copied through unchanged. - Click Download. The cleaned image lands back in your downloads, visually identical to the file Photoshop gave you.
The picture is byte-for-byte the same after the clean. Removing the manifest does not re-encode the JPEG or re-filter the PNG; it edits the metadata blocks that sit beside the image stream, so there is no second round of compression and no quality loss. A typical export cleans well under a second.
A note on doing this at the source: if you'd rather not write the credential in the first place, Photoshop's own Export As dialog has a Content Credentials section where you choose whether to attach credentials to the file. That controls the embedded copy going forward. It does not retroactively clean files you already exported, and as the next section explains, it is not the whole story.
Photo by Maurício Mascaro on Pexels.
How to Verify the Content Credentials Are Gone
Trusting a tool is fine; checking it is better. Three ways to confirm the manifest is no longer in the file, in rising order of authority:
- Adobe's Verify tool. Upload the cleaned file to contentauthenticity.org/verify. If the embedded manifest is gone, Verify reports no Content Credentials found in the file. Read the next section before you treat that as the final word, though — Verify can also recover credentials that were never in the file.
- ExifTool. Phil Harvey's
exiftoolreports JUMBF and APP11 content. Runningexiftool -G1 -a -u cleaned.jpgdumps every group; after a clean the JUMBF / C2PA group and theAPP11segments should be absent, as should EXIF and XMP. - A hex check on the markers. For the truly thorough: a JPEG with a manifest contains
FFEB(APP11) marker bytes carrying aJPsignature and ajumbbox label; a PNG carries acaBXchunk name. After a clean, those markers are gone.
Worth distinguishing two things Verify might show you. "No credentials in this file" means the embedded manifest is removed — that's the part the clean controls. "Recovered from the Content Credentials cloud," if it appears, is a different mechanism entirely, and it's the subject of the honest-limits section below.
What Removing Content Credentials Doesn't Do (Honest Limits)
Removing the embedded manifest is a real, verifiable change — but it is one layer, not a cloak, and anyone claiming otherwise hasn't read Adobe's own documentation. Three things a metadata clean does not reach.
It doesn't delete a durable Content Credential. This is the big one. Adobe's durable Content Credentials are built on what the Initiative calls three pillars: the cryptographically signed metadata (the embedded manifest), an invisible watermark encoded into the pixels, and a digital fingerprint — a perceptual hash of the image itself. The watermark and the fingerprint are designed so that if the embedded manifest is stripped, a verifier can still look the image up — by reading the watermark ID or by matching the fingerprint against Adobe's cloud — and recover the provenance record. So if a credential was published to the cloud with durability on, removing the JUMBF box from your copy clears the embedded layer but not the watermark in the pixels or the cloud match. A metadata strip edits the file's metadata; it does not edit the pixel values, and it cannot reach a record on Adobe's servers.
It doesn't erase Adobe's server-side record. Whatever Adobe logged when Firefly generated the pixels — the account, the generation, the timestamp — lives on Adobe's side, independent of the file you're holding. Cleaning your copy does nothing to records you don't control.
It doesn't decide how a platform classifies the upload. Instagram, TikTok, and others read C2PA manifests at upload time and apply "AI info" or "Made with AI" labels partly off them. Removing the embedded manifest takes one input away from that process, but platforms also run their own detection and, for durable credentials, can perform the same watermark or fingerprint lookup. A clean file is not a guarantee of how a platform labels it. (We went deep on platform-side detection here.)
Photo by Mikhail Nilov on Pexels.
The honest framing: cleaning a Photoshop export reliably removes the embedded C2PA manifest — the APP11 / caBX JUMBF box that travels inside the file to every recipient and is the thing most readers actually mean when they say "the Content Credentials." If the credential was made durable, the watermark and cloud fingerprint are a separate matter that no file-level metadata tool can clear. Know which one you're dealing with before you assume the image is anonymous.
FAQ
Does removing Content Credentials change the image quality?
No. The clean rewrites the metadata blocks only — the JUMBF manifest store, EXIF, XMP, and IPTC — and copies the pixel data through unchanged. There is no re-compression, so resolution, color, and detail are identical to the Photoshop export.
Will the cleaned image still open everywhere?
Yes. A JPEG, PNG, or TIFF with its C2PA manifest removed is a completely standard image file. Every viewer, editor, browser, and platform opens it normally — it's just a few kilobytes smaller.
Can I stop Photoshop from writing Content Credentials in the first place?
Partly. Photoshop's Export As dialog has a Content Credentials section where you control whether credentials attach to the exported file. That governs the embedded copy going forward, but it doesn't clean files you already exported, and for fully Firefly-generated assets Adobe attaches credentials automatically.
If I remove the manifest, can anyone still tell the image used Firefly?
Possibly. If the credential was a durable Content Credential, the invisible watermark in the pixels and the fingerprint match in Adobe's cloud can recover the provenance even after the embedded manifest is gone. Removing the manifest clears the embedded layer, not those.
Can I remove Content Credentials on my phone?
Yes. Metadata Cleaner is browser-only and runs on mobile Safari, Chrome on Android, and Firefox mobile. Drag-and-drop becomes tap-to-pick, and the cleaned file saves to Files or your camera roll.
Is removing Content Credentials legal?
Yes. A C2PA manifest is metadata in a file you own, and no general law requires you to keep it. Narrow professional contexts — newsroom or evidentiary chains of custody — may expect provenance to be preserved; outside those, whether the credential travels with your image is your call.
Used Generative Fill and would rather the AI notice didn't ride along inside the file? Strip the embedded manifest before it leaves your machine. Try Metadata Cleaner free — drop the image, hit Clean, download. The pixels are yours; the signed paper trail in the metadata doesn't have to come with them.