The document verification information file is a digital certificate proving that the document is valid, securely sealed and signed by all document parties, and that their signatures are verified. Document verification is available only after all signatories has sign the document.
The signed document is electronically sealed to ensure integrity and provide non-repudiation. This means that any change that is made to the document, even if it is just a single character, will break the seal and the change can be detected.
To apply the seal to the document, Oneflow partners with Sovos Trustweaver. Sovos Trustweaver is a Qualified Trusted Service Provider and the seal that is applied to the document is a Qualified Electronic Seal.
However, the qualified seal is not applied directly on the document PDF but rather to a verification PDF. The verification contains a fingerprint (or hash or digest) of the document PDF, and provides a cryptographically secure link between the seal, the content of verification and the document content. The attachments to the document are secured in the same manner, with cryptographically secure hashes to all attachment files.
To validate the integrity of a document and attachments follow the steps below.
INFO Document verification is available only after all signatories has signed the document.
Download the document as a PDF
Before downloading the document verification, you need to download your document as a PDF:
- Open your document.
- Click on the action menu > Download as PDF
- Open your document.
- Click on download as PDF.
Open the document in Adobe Reader
Now that you have downloaded the PDF document on your device:
- Open the PDF in Adobe Reader and click on the Attachment icon to the left.
- Open the Verification.txt file, choose the Open this file option, and click OK.
- Copy the verification link and paste it into your browser.
- The verification should be downloaded, and you can open it in Adobe Reader.
If the verification wasn't downloaded, click on Click here if the download does not start automatically.
- When you open the verification, it will look like this:
Note the blue bar at the top saying “Signed and all signatures are valid”. This will prove that the integrity of the verification PDF has not been broken.
Validate integrity of the document PDF
To validate the integrity of the document PDF you need to get the sha256 sum of the document PDF.
On Windows this can be done by running the following command in a terminal window.
C:\> certUtil -hashfile C:\contract.pdf SHA256
Compare the output (the hash) of the command with the “Secure hash” in the verification PDF. If they are the same it proves the integrity of the document PDF as even changing a single character/byte in the document PDF will change the hash.
Further details on how to validate the document PDF can be found on page two of the verification PDF.
If you want to be able to verify documents after removing them from Oneflow, make sure you download both the contract.pdf and verification.pdf, including all attachments.