When a document is signed using the e-signature feature in Zomentum Grow, a signing log certificate and a completed PDF of the signed document are generated. The signing log includes an SHA256 hash that correlates with the PDF to ensure the integrity and authenticity of the signed document. This article provides a guide on how to correlate the signing log with the signed PDF and instructions for generating the SHA256 hash for the PDF on both Windows and Mac environments.


TABLE OF CONTENTS


Understanding the Signing Log and SHA256 Hash

The SHA256 hash is a cryptographic hash function that produces a unique 256-bit (32-byte) signature for a text. In the context of digital signatures, the SHA256 hash of the signed PDF ensures that the document has not been altered after signing, providing a secure method to verify its integrity.


Steps to Correlate the Signing Log with the Signed PDF

  1. Access the Signed PDF: After the document is signed in Zomentum Grow, download the completed PDF along with the signing log. These are also emailed to the document owner.
  2. Review the Signing Log: Open the signing log to view the SHA256 hash. This hash represents the final state of the PDF at the time of signing.



  3. Generate SHA256 Hash of the PDF: Follow the instructions below to generate the SHA256 hash of the PDF on your operating system.
  4. Compare the Hashes: The hash generated from the PDF should match the hash provided in the signing log. If they match, it verifies that the document has not been tampered with since signing.


Generating SHA256 Hash on Windows

  • Using PowerShell:
    • Open PowerShell on your computer.
    • Use the Get-FileHash command to generate the hash. Navigate to the directory containing your PDF and run:
      Get-FileHash -Path "C:\path\to\your\file.pdf" -Algorithm SHA256
    • This command will display the SHA256 hash of the PDF.


Generating SHA256 Hash on Mac

  • Using Terminal:
    • Open Terminal on your Mac.
    • Use the shasum command to generate the hash. Navigate to the directory containing your PDF and run:
      shasum -a 256 /path/to/your/file.pdf
    • This command will output the SHA256 hash of the PDF.


Using Online Tools for Generating SHA256 Hash

If using command line tools seems daunting, there are several user-friendly online tools that can help you generate a SHA256 hash without any technical expertise:

  • HashCalc: A straightforward tool that supports multiple hash types and can process files of any size.

  • Hash File Online: Another excellent tool that provides easy hash generation by uploading your file directly to their website. It supports SHA256 among other hash types and is very user-friendly.

These online tools provide a quick way to verify the integrity of files. However, exercise caution and consider the security implications when using third-party services, especially with confidential documents.


A Note on PDF Merging in Other E-Signature Solutions

Interestingly, some e-signature solutions opt to merge the certificate into the same PDF as the signed document. While this might seem convenient, it can actually complicate validation. After all, anyone with basic tools can merge two PDFs together—hardly a bulletproof method for maintaining document integrity!


Conclusion

By following these steps, customers of Zomentum Grow can ensure the authenticity and integrity of their e-signed documents. This process is crucial for evidential purposes, especially in legal contexts where the validity of digital documents might be challenged. Always ensure that the SHA256 hashes match to confirm that the document has not been altered post-signature.