Data security
What hashes and encryption are, and how we use them
Hashing
A hash is a data-fingerprint
We use hashing to verify that a document is exactly as it was when signed, meaning its fingerprint hasn't changed
Signature added
Single Signature
We read the content of the document, including the signature image if it is a Single Signature, and generate a hash. This hash represents the document as it was when the signatory agreed to it and is saved in our database
Multiple Signatures
We read the content of the document and generate a hash. We also read the signature's image and generate a hash. These hashes represent the document and signature as they were when the signatory signed. The hashes are saved in the Form's Response Sheet as hidden metadata
Check validity
Single Signature
We read the content of whatever document is provided and generate a hash in the same way. If we have that exact hash on record, the document is an exact data match for a valid signed document
Multiple Signatures
We read the content of the document and signature image and generate hashes in the same way. We compare these to those stored when the signature was created, and can assess whether the document or signature are exact data matches
Uniqueness and security
Any change, no matter how insignificant, will result in a different hash. For example, changing the case of a single character, or changing a single pixel
We use HMAC-SHA-256, which is widely regarded as absolutely secure
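The record-and-check flow described above for Multiple Signatures, as an added Python example (not the service's own code). The key, function names, record layout and sample bytes are constructed for illustration, and the constant-time comparison is an assumption about how such a check is best done, not a statement of how the service does it.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would load its secret from protected storage.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def fingerprint(data: bytes, key: bytes = SECRET_KEY) -> str:
    """Return the HMAC-SHA-256 fingerprint of data as a hex string."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def record_signature(document: bytes, signature_image: bytes) -> dict:
    """Signing time: store one fingerprint per item (hypothetical record layout)."""
    return {"document": fingerprint(document),
            "signature": fingerprint(signature_image)}


def check_validity(record: dict, document: bytes, signature_image: bytes) -> dict:
    """Verification time: recompute both fingerprints and compare each one.

    hmac.compare_digest compares in constant time, so the check does not
    leak how many leading characters of a fingerprint matched.
    """
    return {
        "document": hmac.compare_digest(record["document"], fingerprint(document)),
        "signature": hmac.compare_digest(record["signature"], fingerprint(signature_image)),
    }


# Constructed sample inputs.
DOC = b"I agree to the terms of engagement."
SIG_IMAGE = bytes([0x89, 0x50, 0x4E, 0x47, 0x00, 0xFF, 0x10])  # stand-in for image bytes

if __name__ == "__main__":
    stored = record_signature(DOC, SIG_IMAGE)
    # Unchanged document and signature image.
    print(check_validity(stored, DOC, SIG_IMAGE))
    # The case of one character in the document changed.
    print(check_validity(stored, DOC.replace(b"I", b"i", 1), SIG_IMAGE))
    # One byte of the signature image changed.
    print(check_validity(stored, DOC, SIG_IMAGE[:-1] + b"\x11"))
```

Because the fingerprint is keyed, someone who alters a document cannot compute a matching fingerprint without the secret key.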
Encryption
For Single Signatures, we encrypt email addresses and store these with the hash for a completed signature
These email addresses are only decrypted when a matching hash is obtained, that is, when the signed document is checked. They are then provided along with the timestamp to add credence to the verification
We use AES encryption, also used by the U.S. Government
General
A security system is only as good as the person behind it
Only the Director of Gigaccounting Ltd knows the secret keys and is able to access the database. There are no rogue employees to worry about
Transmission
Where data is transmitted, i.e. when you make a signature request or when we provide verification, HTTPS is used. This is the same protocol used by credit card providers and online banking