How it works

From template to public verification.

A clear, transactional, auditable flow. No shortcuts. No homegrown cryptography.

  1. 1

    Model your template

    You define a document type: required fields, privacy policy, default expiration, retention and signature level. The template is versioned.

  2. 2

    Request issuance

    Via dashboard or API. The operation is idempotent — retries with the same key return the same document.

  3. 3

    PDF and CSV generation

    Certums renders the canonical document, assigns a unique cryptographic CSV, and embeds the verification block and QR code.

  4. 4

    Digital signature + timestamp

    PAdES B-LT or B-LTA signature with a key managed by HSM/KMS/QTSP, RFC 3161 timestamp, embedded OCSP/CRL evidence.

  5. 5

    Storage and traceability

    Signed PDF, source and evidence are stored immutably. Every step lands in the audit trail with an optional hash chain.

  6. 6

    Open verification

    The recipient scans the QR or enters the CSV. Within seconds they confirm authenticity, validity, signature and traceability — no account required.

What if I need to revoke or replace a document?

Any issuer with permission can revoke a document with a normalized reason, or supersede it by issuing a new one that links back to the previous version. Public verification reflects the state change immediately.