Tamper detection answers one critical question: has this document been modified after it was signed? In a world where PDFs can be edited with free tools, tamper detection is the technology that gives electronic signatures their credibility.
Tamper detection is the ability to identify whether a document has been altered after it was signed. It works by creating a digital fingerprint of the document at the moment of signing, then checking whether the current version of the document matches that fingerprint.
If even a single character has been changed — a number modified, a clause added, whitespace inserted — tamper detection flags the document as altered.
The core technology is cryptographic hashing. Here is what happens behind the scenes:
1. Document signing. When a signer applies their electronic signature, the e-signing platform generates a hash — a unique string of characters calculated from the document's contents. Think of it as a fingerprint: no two different documents produce the same hash, and any change to the document produces a completely different hash.
2. Hash storage. The hash is embedded in the signed document or stored alongside it. This becomes the reference point — the "known good" state of the document at the time of signing.
3. Verification. When someone opens the signed document to verify its integrity, the platform recalculates the hash from the current document and compares it to the stored hash. If they match, the document is unaltered. If they differ, the document has been tampered with.
Legal enforceability. A signed document that has been modified after signing may not be enforceable. If a party can show that the document they are being held to is different from what they signed, the agreement may be invalidated. Tamper detection proves the document has not changed.
Trust between parties. When you receive a signed document, you need to know it is the version that was actually signed. Without tamper detection, you would need to compare every document against an original — an impractical process for any business handling more than a handful of agreements.
Audit and compliance. Regulatory frameworks require document integrity. If a regulator asks you to produce a signed document, you need to prove it is authentic and unmodified. Tamper detection provides this proof automatically.
Dispute resolution. If a disagreement arises about what was agreed, the tamper detection record settles the question. Either the document is in its original state or it is not — there is no ambiguity.
It is worth distinguishing between two related but different concepts:
Tamper detection checks whether a document has been modified. It is a property of the signed document — built in at the time of signing.
Digital signatures (in the cryptographic sense) use public-key cryptography to both verify the signer's identity and detect tampering. They are a specific technical mechanism that provides tamper detection as one of their functions.
Most e-signing platforms use some form of tamper detection, but not all use full cryptographic digital signatures. For standard business documents, the practical outcome is the same: you can verify the document has not been altered. The distinction matters primarily in regulatory contexts where specific technical mechanisms are mandated (e.g., eIDAS qualified signatures require cryptographic digital signatures).
PDF flattening. After signing, the document is flattened — all form fields, signatures, and annotations are permanently embedded in the PDF. The document can no longer be edited using standard PDF tools. Any attempt to modify the flattened PDF would be visible as corruption or inconsistency.
Cryptographic hashing. A SHA-256 or similar hash is calculated from the document's contents and stored securely. Any modification changes the hash, making tampering immediately detectable.
Audit trail records. The audit trail records the state of the document at each signing event. Comparing the current document to the audit trail record reveals whether anything has changed.
Certificate-based integrity seals. In advanced and qualified electronic signatures, a cryptographic seal from a trusted certificate authority is applied to the document. This seal breaks if the document is modified, providing both tamper detection and third-party verification.
GoodSign implements tamper detection through multiple layers:
PDF flattening. Once all parties have signed, GoodSign flattens the document — all signatures, form data, dates, and timestamps are permanently embedded in the PDF. The resulting file is a self-contained record of what was agreed and who signed it. It cannot be casually edited without visible evidence of modification.
Comprehensive audit trail. Each document carries a detailed record of every step in the signing process: when the document was created, when it was sent, when each signer opened it, when they signed, and what verification method confirmed their identity. This trail is stored permanently alongside the document.
Encrypted storage. Signed documents are stored with encryption at rest in ISO 27001 and SOC 2 compliant data centres. Access is controlled through authenticated sessions, preventing unauthorised access to stored documents.
Immutable records. Once a document is signed and flattened, it cannot be modified within GoodSign. The version in your archive is the version that was signed — no edits, no revisions, no exceptions.
Signer verification. Tamper detection is not just about the document — it is also about the signatures. GoodSign verifies signer identity through email delivery, SMS one-time passwords, or biometric passkeys, ensuring that the signatures themselves are legitimate.
All integrity and tamper detection features are included at $1.50 per envelope sent. No extra charges for audit trails, PDF flattening, or encrypted storage.
Tamper detection is powerful but it has limits:
It cannot prevent tampering — only detect it. If someone has access to a signed PDF and edits it outside the e-signing platform, tamper detection allows you to identify the modification, but it does not stop the modification from happening.
It depends on the verification workflow. Tamper detection only works if someone actually checks the document against the original. If a modified document is accepted without verification, the tamper detection is irrelevant.
It does not verify content accuracy. Tamper detection confirms the document has not changed since signing — not that the content was correct in the first place. A document full of errors is just as tamper-proof as a perfect one.
All rights reserved © GoodSign Limited 2026
2 Stuart St, Ponsonby, Auckland 1011, New Zealand..