DocForge Docs

E-Signing & Audit Trail

DocForge can capture a signature, append a certificate page, and seal the PDF so tampering is detectable. Signing is pluggable: built-in for everyday documents, qualified providers for high-stakes ones.

What a signature needs

A defensible e-signature needs three things: evidence of intent and attribution, proof the document has not changed since signing, and an audit trail of what happened and when. A typed name alone gives you none of the last two.

The built-in signer

The built-in provider captures a typed or drawn signature, appends a certificate page summarising the signing event — signer, timestamps, and trail — and seals the PDF with a SHA-256 hash. Change one byte afterward and the hash no longer matches, so tampering is detectable. For internal approvals, acknowledgements, and most ordinary business documents, that is genuinely enough.

Audit trail

Each signing records who was sent the document, when they opened it, when they signed, and from where — the context that makes a signature hold up if it is ever questioned.

Qualified providers

For documents that carry legal or regulatory weight, route signing through a qualified provider — eMudhra in India, or DocuSign globally. These add identity verification and a certificate chain tied to a vetted identity.

Pluggable. The built-in signer and qualified providers sit behind the same interface, so you can start with the built-in signer and route high-stakes documents through eMudhra or DocuSign without changing your templates or workflow. Qualified providers are a Pro feature.

Match the signature to the stakes

Reserve qualified e-signatures for documents whose disputes would actually reach a courtroom. For everything else, a sealed PDF with an audit trail and certificate page is the right evidence with none of the extra friction.