Verifying That a Redacted Document Hasn't Been Tampered With

The problem verification solves

Once a redacted document leaves your organisation, you lose control of it. The recipient could modify it - intentionally or accidentally - and claim the version they have is the one you sent. In litigation, a party might argue that redactions were applied to hide relevant content rather than to protect personal data. In regulatory proceedings, an authority might want assurance that the documents provided are the same ones that were redacted.

Without a verification mechanism, there's no way to independently confirm that a document is unchanged from the point of redaction. Digital files carry no inherent tamper evidence. Unlike a physical document where alterations might be visible (different ink, paper texture, correction marks), a modified PDF looks identical to an unmodified one.

How cryptographic verification works

Verification certificates use public-key cryptography - the same mathematical foundation that secures HTTPS connections and digital banking.

When RedactProof generates a verification certificate, it creates a cryptographic hash of the redacted document. A hash is a fixed-length string derived from the document's content. Change a single pixel in the document and the hash changes entirely. The hash is then signed using an Ed25519 private key, producing a digital signature.

The certificate contains the document hash, the signature, and a timestamp. A QR code on the certificate encodes the verification URL. Anyone can verify the certificate by hashing the document themselves and checking the signature against RedactProof's public key. If the hashes match and the signature is valid, the document hasn't been modified since the certificate was generated.

No special software is needed for verification. The QR code links to a verification page where you upload the document to check it locally - the file doesn't leave your browser during verification.

When verification matters

Not every redacted document needs a verification certificate. Internal documents that stay within your organisation probably don't need one.

Verification becomes valuable when documents cross organisational boundaries: disclosure to opposing counsel, SAR responses to former employees, records provided to regulators, documents shared with insurers, or records submitted to tribunals.

It's particularly relevant in adversarial contexts. If someone has an incentive to claim a document was altered - and in litigation or regulatory investigations, they might - having cryptographic evidence of integrity pre-empts that argument.

Some organisations include verification certificates as standard practice for all external disclosure. The cost is negligible (it's automated) and the protection is permanent.

Limitations to be honest about

A verification certificate confirms that a document hasn't changed since the certificate was generated. It doesn't confirm that the redaction was done correctly, that the right content was redacted, or that the underlying process followed any particular standard.

The certificate is evidence of integrity, not evidence of quality. It answers "has this document been modified?" but not "was this document properly redacted?"

If the private signing key were compromised, an attacker could forge certificates. This is a theoretical risk shared by all digital signature systems and mitigated by key management practices. Verification certificates are one piece of evidence - useful and mathematically strong, but not a complete compliance framework on their own.