Technical Basics
You can think of DOCTAG as a specialized mail server for PDF documents: documents are exchanged between organizations and every step remains traceable.
Simple view: what happens during signing?
- The document gets a unique identity (similar to a digital fingerprint).
- The signing party confirms this state using its site certificate.
- For each additional signature, previous signatures and attachments are also checked for changes.
- If anything is changed afterwards, verification detects it immediately.
What is protected by this?
- Proof of who signed at which step.
- Protection against unnoticed document changes.
- Verifiability across different servers.
Site certificates in context
Site certificates are the digital identity of the signing party. This allows a receiving server to verify that a signature really came from the stated counterparty.
Standards and eIDAS positioning
Technically, DOCTAG uses established cryptographic methods (elliptic curves and SHA-256-based signatures). This follows recognized state-of-the-art practices for integrity and traceability.
Important: this means an eIDAS-aligned technical approach, but not a formal eIDAS certification of the full system.