Understand how a document becomes tamper-proof, what makes a .pvf file unique, and how verification detects forgery in real time.
When a document is protected by Vertifile, it looks completely different from a forged copy. Here's a side-by-side comparison:
Vertifile uses multiple layers of security to ensure documents cannot be forged or tampered with:
When you upload a document, the system never reads its content. It only computes a SHA-256 cryptographic hash — a unique 64-character fingerprint. Even a single pixel change produces a completely different hash.
The hash is signed with a server-side HMAC secret key. This signature proves the document was registered through Vertifile's servers and hasn't been self-signed or fabricated.
The hash and signature are anchored to the Polygon blockchain — an immutable, public, decentralized ledger. Once registered, the record cannot be altered or deleted by anyone.
A holographic verification stamp is embedded in the .pvf file. It continuously rotates and breathes — if the file is tampered with, the stamp freezes and turns red, showing "FORGED".
The .pvf file includes DevTools detection, cross-origin iframe detection, right-click prevention, and console warnings. Any attempt to modify the file triggers security freezing.
The stamp turns to "FORGED" automatically when any of these conditions are detected:
If even one byte of the original document is changed, the hash no longer matches the blockchain registry. Verification fails instantly.
If browser developer tools are detected (via timing attacks and window size comparison), the stamp immediately freezes. This prevents inspect-and-edit attacks.
Right-click, Ctrl+S, Ctrl+P, and drag attempts are blocked. The stamp cannot be captured in a static state — it only works as a live, running document.
If the .pvf file is embedded in an iframe on another website, it detects the cross-origin context and freezes the stamp to prevent unauthorized reuse.
PVF (Protected Verifiable File) is a new file format registered with IANA as an official internet file format (application/vnd.vertifile.pvf). It's a self-contained HTML document that includes:
Embedded as base64 (for images/PDFs) or escaped text. The content is displayed inside the file — no external dependencies needed.
The SHA-256 hash and HMAC signature are embedded as JavaScript variables. These are verified against the server on every load.
The animated stamp, holographic waves, and all anti-tamper detection code are built into the file. It works offline too (with local verification).
Protect your first document. See the live verification stamp in action.