Evidence layer & verification

The proof NoSign embeds in every sealed PDF — and how anyone can verify it offline.

NoSign’s prime directive is provability. The evidence layer is its strongest expression: every sealed PDF carries its own proof, and anyone can verify it — without trusting the platform that produced it.

What gets embedded

Bilingual audit-certificate page

Before the seal is applied, NoSign appends a human-readable audit-certificate page to the document, rendered in both German and English. It records:

Because the page is appended before sealing, it falls inside the sealed bytes — it cannot be swapped without breaking the seal.

Embedded structured audit record

NoSign also embeds a machine-readable nosign-audit.json inside the signed ByteRange. It is schema-versioned, so consumers can parse it reliably across NoSign versions. The structured record travels inside the bytes, not bolted on beside them.

The public /verify portal

NoSign ships a public /verify portal — a stateless fourth trust boundary with no auth, no session, and no database. You upload a sealed PDF; it returns one of five verdicts:

Verdict      Meaning
VALID        Seal intact, ByteRange matches, timestamp validates
TAMPERED     Bytes changed after signing (including trailing-byte shadow attacks)
INVALID      A seal is present but the signature or timestamp fails to validate
NO_SEAL      The PDF carries no NoSign seal — nothing to verify
INPUT_ERROR  Not a readable PDF, or the upload could not be parsed

Under the hood the verifier performs a ByteRange-integrity check, validates the embedded RFC 3161 timestamp, and runs shadow-attack detection (trailing bytes appended after the signed range). It is built on openssl cms / openssl ts and holds no state.
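The ByteRange-integrity and trailing-byte checks described above can be sketched as follows. This is an added example, not NoSign's own code: the function names, the STRUCTURE_OK status and the sample bytes are assumptions made for illustration, and it assumes a single seal per file.

```python
import hashlib
import re

# Simplification: a real verifier finds the signature dictionary by walking
# the PDF object structure; this sketch assumes one seal and scans for it.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def check_byterange(pdf: bytes):
    """Return (status, sha256 hex of the signed bytes or None).

    STRUCTURE_OK is a hypothetical intermediate status, not a NoSign verdict:
    the CMS signature and RFC 3161 timestamp still have to be validated.
    """
    if not pdf.startswith(b"%PDF-"):
        return "INPUT_ERROR", None
    m = BYTE_RANGE.search(pdf)
    if m is None:
        return "NO_SEAL", None
    start1, len1, start2, len2 = (int(g) for g in m.groups())
    # Signed bytes must begin at offset 0 and the second range must end exactly
    # at EOF; anything after it is unsigned trailing data (shadow attack).
    if start1 != 0 or start2 < len1 or start2 + len2 != len(pdf):
        return "TAMPERED", None
    # The only unsigned gap allowed is the hex string holding the signature.
    if not re.fullmatch(rb"<[0-9A-Fa-f]+>", pdf[len1:start2]):
        return "TAMPERED", None
    signed = pdf[:len1] + pdf[start2:start2 + len2]
    return "STRUCTURE_OK", hashlib.sha256(signed).hexdigest()

def build_sample() -> bytes:
    """Constructed, minimal PDF-like byte string with a consistent ByteRange."""
    template = ("%PDF-1.7\n1 0 obj\n<< /Type /Sig "
                "/ByteRange [0 {:010d} {:010d} {:010d}] /Contents ")
    hole = b"<" + b"00" * 16 + b">"   # placeholder, not a real CMS blob
    tail = b" >>\nendobj\n%%EOF\n"
    len1 = len(template.format(0, 0, 0))   # fixed-width fields keep this stable
    head = template.format(len1, len1 + len(hole), len(tail)).encode()
    return head + hole + tail

if __name__ == "__main__":
    sealed = build_sample()
    print(check_byterange(sealed)[0])
    print(check_byterange(sealed + b"\n% appended after signing")[0])
```

The returned digest covers everything except the signature placeholder, so an in-place edit of signed bytes passes the structural check but changes the digest; catching that is the job of the signature validation step.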

Why it matters

This is real PAdES-B-T proof made checkable by anyone — not only by platforms that already pre-trust the seal certificate. It is a concrete step toward the long-term-validation story; full PAdES-LTV and an AATL-trusted certificate remain a later drop-in (see legal class).