Independently verify a blockchain-signed document

Blockchains provide immutable records that can prove beyond a reasonable doubt that a signature has taken place on a certain document. This page will go into how you can verify things yourself.

The amount of verification required for a document's signature will vary a lot based on the circumstances.

If an entity you are familiar with signs a document, or you receive a signature from someone you have work history with, it may not be necessary to go through a full verification. With that being said, this page has been made to encompass all the steps necessary to verify a document's signature in a completely trustless manner (eg., from a stranger).

The entire verification process should only take about 2-5 minutes for a beginner. An experienced user can verify a signature in about 30 seconds.

You will need two things to verify a signed document:

  1. The signed document (of course!)

  2. The Ethereum transaction (a link) that has recorded the signature. The signer should be able to easily provide this link to you by retrieving it from their OtoCo dashboard

Step 1: Reading the Ethereum Blockchain

The first thing you want to do is review the signed document and find the blockchain address of the LLC. It will look something like 0xCd1...D2C.

Next, click the link to the Ethereum transaction provided to you by the signer. It should take you to Etherscan.com. There are three tabs on this website that will be important: Overview, Internal Txns, and Logs (pictured below).

Etherscan is one of several tools that provide a user friendly way to view information on the Ethereum blockchain. We use it see the cryptographic signature made by the LLC.

Overview

On the Overview page, ensure that the transaction Status was a success. A successful transaction means that the signer was authorized to make the transaction and that the transaction has been recorded forever on the blockchain.

Internal Txns

On the Internal Txns page, ensure that the static call shows that the signature is linked to the blockchain entity address that appears on the signed document.

Logs

On the Logs page, you can convert the Data values into Text format (so it's readable!). Converting the last 4 or 5 lines of Hex Data should reveal both the filename and the CID (the hash). This allows you to identify the file that has been signed.

The CID will always occupy two lines. The filename will often only take up one line unless it is a long filename (like the one pictured below).

Step 2: Verifying the CID

Step 1 allows us to say with absolute certainty that a document was signed by an authorized signer and linked to the correct company.

Now, we'll make sure that the signed document appearing on Etherscan.com is the same document that you have been given. This will require independently generating the CID of the signed document using any third-party service that supports IPFS hashing.

If the CIDs are the same, you know that the document you have is the one that was signed by the corresponding Delaware or Wyoming company. The record of this signature on the Ethereum blockchain can never be altered, removed, or hidden.

We recommend using Pinata to check this:

  1. Create an account with Pinata

  2. Go to File CID Verifier and upload the signed document that you've been given

  3. View the CID and ensure that it matches the one you saw earlier on Etherscan.com

If a document is modified in any capacity, even by 1 pixel, it will be given a completely different hash. This allows you to guarantee that the intended document has been signed.

I don't want to use Pinata!

If you don't want to use Pinata, you can also generate the CID of a document by using other IPFS API services like Infura or Eternum. Infura requires a Credit Card, Eternum requires you to buy their tokens.

If you want to generate the CID of a document yourself, you can use this ipfs-only-hash package. Just ensure to change the parameter to CID Version 0 (instead of the default which is Version 1).

Conclusion

If you've reviewed the information on Ethereum and have independently generated the same CID, you can be sure that the document you have in your possession was signed by the expected LLC.

These records will live on Ethereum forever! Make sure to keep the signed document in your possession.

Last updated