SignRequest uses 'SHA-256' cryptographic hash functions (hash codes, for short) to ensure the security of our electronically signed documents.
A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit string of a fixed size (the "hash value", "hash", or "message digest") and is a one-way function, that is, a function which is practically infeasible to invert.
Hash codes are unique codes specific to an individual document. This is a great way to ensure that the document you are looking at is the original. Even if 1 pixel is changed in the document, this will result in a different code. The document that generates the hash code, that is visible in the SignRequest email and the signing log, will be the original document.
Signing Log
SignRequest 'Document Signed' email
Comments
How can the hash key provided be used to verify the document is authentic? For example, when you need to prove the document has not been tampered with?
Hi Matthew,
To check the authenticity of a document by comparing the 'Signed documents' hash code with the provided hash code on the 'signing log'/'Document signed' email, you need to simply upload the signed document to a 'Hash checker'.
SignRequest generates a SHA-256 hash code, which will appear once you have uploaded the 'signed document' to the 'Hash checker'. You can simply compare the two 'hash codes' to verify the authenticity of the signed document.
If 'one pixel' in a document is altered, the 'hash code' will break and will not match the 'hash code' provided in the 'signing log'/Document signed' email.
Hash code on 'signing log'
Generated Hash code when signed document is uploaded to 'Hash checker'
Article is closed for comments.