Sealing and verifying a Scrive document

As soon as all parties have electronically signed a document, Scrive seals the file using one of two advanced cryptographic methods: Public Key Infrastructure (PKI) or Keyless Signature Infrastructure (KSI) from Guardtime. The method applied depends on the specific scenario and requirements of the document.

In both cases, Scrive creates a unique digital fingerprint of the file, encompassing the signed document, the Evidence Package, and any attachments. This fingerprint is a cryptographic hash—a mathematical value generated by applying a one-way function to the data. The hash is unique to the exact content of the file; even a minor change will produce a completely different result.

When KSI is used, Guardtime organizes the hash values of multiple sealed documents into a Merkle tree. This structure enables efficient and scalable verification by combining multiple hashes into one top-level hash known as the root hash. The integrity of any single document can then be verified independently, as long as the sealed document and the root hash are available and trusted.

With PKI sealing, Scrive applies a digital signature using a cryptographic key pair—one private and one public. This allows anyone with the public key to verify that the document hasn’t been tampered with since it was signed, and that it was signed by an authorized entity.

Regardless of whether PKI or KSI is used, the result is the same: your document is sealed in a way that allows you to verify its integrity at any point in the future, whether minutes or decades after signing.