Understand how a document becomes tamper-evident, what makes a .pvf file unique, and how verification detects forgery in real time.
When a document is protected by Vertifile, it looks completely different from a forged copy. Here's a side-by-side comparison:
This is the real verification stamp from a .pvf file. The verified stamp breathes and rotates; the forged copy (one byte changed) freezes and turns red. Open the live .pvf in a new tab to see it run for real.
Click to open the live .pvf in a new tab — framed viewing is disabled on purpose, as a security protection.
Vertifile layers multiple security mechanisms so that any forgery or tampering is exposed the moment the document is verified:
In Blind mode, your document is encrypted and hashed in your browser — the server receives only ciphertext and a SHA-256 fingerprint, a unique 64-character code. Even a single pixel change produces a completely different hash.
The hash is signed with a server-side HMAC secret key. This signature proves the document was registered through Vertifile's servers and hasn't been self-signed or fabricated.
The hash is also signed with an Ed25519 private key. Anyone can verify the matching public key — proving the seal is authentic and that a forged signature cannot pass verification.
A holographic verification stamp is embedded in the .pvf file. It continuously rotates and breathes — if the file is tampered with, the stamp freezes and turns red, showing "FORGED".
The .pvf file includes DevTools detection, cross-origin iframe detection, right-click prevention, and console warnings. Any attempt to modify the file triggers security freezing.
The stamp turns to "FORGED" automatically when any of these conditions are detected:
If even one byte of the original document is changed, the hash no longer matches the registered fingerprint. Verification fails instantly.
If browser developer tools are detected (via timing attacks and window size comparison), the stamp immediately freezes. This prevents inspect-and-edit attacks.
Right-click, Ctrl+S, Ctrl+P, and drag attempts are blocked. The stamp cannot be captured in a static state — it only works as a live, running document.
If the .pvf file is embedded in an iframe on another website, it detects the cross-origin context and freezes the stamp to prevent unauthorized reuse.
PVF (Protected Verifiable File) is a new file format registered with IANA as an official internet file format (application/vnd.vertifile.pvf). It's a self-contained HTML document that includes:
Embedded as base64 (for images/PDFs) or escaped text. The content is displayed inside the file — no external dependencies needed.
The SHA-256 hash and HMAC signature are embedded as JavaScript variables. These are verified against the server on every load.
The animated stamp, holographic waves, and anti-tamper checks are built into the file. You can view it offline — offline checks give a first-line indication, while authoritative verification runs online.
Protect your first document. See the live verification stamp in action.