Anatomy of a signature

The signature in Web Trust is composed of several parts depending on the workflow you are using.

The signature in the PDF

When a PDF is involved, there could one or more signatures applied to it. This signature could be PAdES or simply an image, depending on your choice while setting the creation payload.

Here is an example of the image:

Besides the logo, this image contains:

  • The full name of the signer.

  • The graphic signature, may be drawn or automatically generated from the signer’s full name.

  • The SHA-256 hash of the forensic evidence XML or audit trail XML, depending on the workflow.

  • The date when the signature took place.

  • The ID of the signature interaction in our database.

The forensic evidence XML

As the name states is an XML containing several data regarding the interaction with the signer while signing the document. It contains:

  • all the tags used and generated in the signature;

  • the network traffic stored in a PCAP;

  • the decryption keys for the PCAP;

  • information regarding the PDF signature, when applicable:

    • information regarding the signer,

    • clauses accepted by the signer,

    • the SHA-256 digests of all the PDFs signed;

  • the communication request/responses with the sigining environment;

This XML is digitally signed and timestamped by Kopjra’s legal representative.

We offer a free tool to check the forensic evidence XML.

The audit trail XML

Even when a signature does not take place in a forensic environment, we able to create an auditable trail XML file. This file contains data regarding the communication and the signature that took place.

This audit trail XML is fairly similar to the forensic one but it does not contain the PCAP and its decryption keys.

This XML is also digitally signed and timestamped by Kopjra’s legal representative.

The XML verification tool can also be used for the audit trail XML.