Issuer
Authorized organization issues an official document.
Technology
A document authenticity layer powered by VeriSeal Core.
Docseal manages issuers, document types, registry statuses, visibility policies and verification URLs. VeriSeal Core provides the cryptographic proof engine underneath.
How the verification flow fits together.
Docseal connects the issuer, the sealed document record and the third-party verification page. The verifier checks the received file against the official sealed reference.
Hash + metadata
The document hash and business metadata are prepared.
Docseal Registry
Seal ID, status and visibility policy are recorded.
Verify URL
A public or controlled verification page is created.
Document circulates
The PDF or file leaves the issuer and reaches a third party.
File comparison
The received file is hashed and compared with the sealed reference.
Result
Authentic, Tampered, Revoked, Replaced, Expired or Unknown.
VeriSeal Core is the cryptographic proof infrastructure underneath Docseal: hash, manifest, receipt, proof record and optional anchoring.
Docseal business layer
Five operational blocks for document authenticity.
Docseal is not a signature product. It is the business layer that makes official documents verifiable by third parties.
Docseal Issuer
Issue and seal a verifiable official document.
Docseal Verify
Compare the received file with the sealed reference hash.
Docseal Registry
Manage valid, revoked, replaced and expired statuses.
Docseal Trust
Control authorized issuers, document types and policies.
Docseal Gateway
Enable local, client-side or on-premise hashing for sensitive workflows.
VeriSeal Core
Cryptographic proof engine.
VeriSeal Core handles hash, manifest, proof, ledger, Merkle root, receipt and optional anchoring depending on issuer policy.
Hash & manifest
Canonical representation of the sealed document or file.
Ledger & Merkle root
Append-only proof record and cryptographic binding.
Receipt & public verify
A readable verification record for third parties.
Optional anchoring
Anchoring can be added depending on issuer policy.
Verification flow
From issuer to verifier.
Issuer seals
The issuer submits a document hash, manifest and metadata.
Registry records
Docseal stores issuer, document type, seal status and visibility policy.
Verifier uploads
The third party uploads or hashes the file received.
Docseal compares
The received hash is compared with the sealed reference hash.
Coexists with qualified trust services.
Docseal does not replace electronic signatures, electronic seals or qualified trust services. It adds a document authenticity and integrity layer that can coexist with them.
Security, privacy and operational questions.
These are the questions most institutional teams ask before scoping a pilot.
Does Docseal need to store document content?
No. Docseal can operate in hash-only mode. In that case, sensitive content remains outside Docseal and verification is performed by comparing the received file hash with the sealed reference hash.
What happens if Docseal is no longer available?
Pilot scope should include proof export, receipt export and reversibility requirements. The goal is to avoid locking document authenticity evidence inside an inaccessible system.
Is a DPA / GDPR pack available?
A DPA and privacy pack should be prepared for production or regulated pilots. Hash-only mode reduces exposure by keeping sensitive document content outside Docseal.
What SLA is provided?
SLA commitments are defined at production scope. Pilots should define expected availability, support windows and incident escalation before launch.
Does Docseal replace electronic signatures?
No. Docseal is not a qualified electronic signature product or qualified trust service. It adds authenticity and file-integrity verification and may coexist with eIDAS services.
Architecture
Discuss architecture and security.
We can scope API integration, gateway deployment, local hashing, visibility policy and audit requirements for a controlled pilot.
Post-quantum readiness and crypto-agility
The current DocSeal demo profile uses a classical document-integrity proof model. For banking and long-retention deployments, DocSeal is designed to support a crypto-agile evidence model that can be extended with a hybrid post-quantum signature layer.
Current demo profileClassical document integrity
Hash profileSHA-256
Post-quantum statusCrypto-agile ready
Hybrid target profileClassical + ML-DSA
Migration approachSecondary signature layer
Long-term validationPeriodic resealing supported
DocSeal does not claim that this demo profile is post-quantum protected end-to-end. The current claim is crypto-agility: the proof architecture can be extended toward a hybrid signature profile without changing the document workflow.