Evidence package

A file claimed to have been signed in Scrive is only trustworthy if it remains unaltered. Any modification to the document—such as adding annotations, highlighting text, or compressing the PDF—will render it no longer an original. This is because even the smallest change affects the underlying data, breaking the digital seal that protects the document’s integrity.

Scrive supports two industry-standard methods for sealing and verifying the authenticity of signed documents. Read more here.

Scrive stores an original copy of each document until it is deleted by the owner. Any exact, unaltered digital copy of that document is still considered an original.

To verify the integrity of your document—regardless of whether it was sealed using PKI or KSI—please see this article.

An easy way of viewing the embedded HTML evidence package is to open the original document in e.g. Adobe Acrobat Reader. Click on the attachments icon to show the list of attachments which together make up the evidence package. All the attachments are in a HTML format. Double-click on a file to open it in your default browser.

The attachment consists of:

1. Evidence Quality Framework – about the framework Scrive uses for evidence quality.

2. Service Description – a detailed description of how Scrive works.

3. Evidence Log – all events associated with this document, in detail.

4. Evidence of Time – samples from the Scrive server clocks and statistical analysis of the clock error (to make it possible to determine how exact the Scrive clocks are).

5. Evidence of Intent – screenshots from the devices (computer/phone/tablet) the signing individuals used to sign. (This works most of the time, but not always, as web browsers can be unpredictable.)

6. Digital Signature Documentation – a detailed description of how Scrive’s blockchain-based digital signing works; the basis for securing the integrity of documents signed in Scrive.

7. Quality of Scrive E-signed Document – an explanation on how Scrive fulfils evidence quality requirements.

The “last updated” date is when Scrive last changed something in the template text for the attachment. The attachment itself was generated when the last signing party signed.

Questions about who signed a document, when it was signed, and how it was signed can all be answered using both the Evidence log and the Evidence of Intent.

Evidence log (Appendix 3)

This file contains all events that Scrive has been able to record about the document, up until the last person signed it. Thereafter, the file is locked. Or rather: if the file is changed after this point in time, it is not what the signatories signed and it is therefore no longer an original. It is not possible to verify the integrity of the document if it has been changed. See more above in the section on “Document integrity”.

In the Evidence log, you'll find key information, including the signatory’s name, email address and/or phone number, along with the timestamp and IP address of the device used to view the document.

The timestamp is in the leftmost column. Scrive always uses time in the UTC time zone. The CES column is the last time we analysed the clock error (which in turn results in the +/- X ms in the leftmost column). The IP address is in the third column.

It should be noted that an IP address is not a very good way of identifying an individual. A very common case is that many individuals, sometimes whole cities, share a single IP address. However, the user behind the IP address might be located somewhere completely different as they may be using a VPN.