Skip to main content
Every evidence claim on SignSealShip — on a room card, in a Closing Passport, on a verify page — uses exactly three words. The vocabulary is locked on purpose: evidence language that stretches is trust theater, and trust theater is the thing this platform exists to replace.
BadgeMeaningVerifiable without us?
SEALEDA cryptographically verifiable artifact hash is on recordYes
RECORDEDPlatform attestation only — we say it happenedNo
No evidence yetNothing to show, said explicitly
The rule behind all three: never imply evidence that is not held.

SEALED

SEALED means a cryptographically verifiable artifact exists and its hash is on record. When a document card shows SEALED, it links to the seal’s public verification page at /v/{verifyCode}. What stands behind that badge:
The document is sealed with an asymmetric signature whose private key never leaves Google Cloud KMS. It is a CMS/PKCS#7 signature visible in a standard PDF signature panel, with byte-range tamper evidence: change one byte after sealing and every verifier can tell.
An independent time-stamping authority attests, over the sealed document’s SHA-256, that those bytes existed at that moment. The token is archivable and independently verifiable — it is the authority’s word, not ours.
The sealed hash is submitted to public OpenTimestamps calendars, producing a detached .ots proof anyone can verify or upgrade with standard tooling. We describe it exactly as it is: pending until a Bitcoin block confirms it, anchored after. We never claim “anchored” before the chain does.
Every sealed document gets a 128-bit random verification code and a custody record: the pre-seal document hash, the post-seal hash, and when the seal happened. Possession of the code (or of the sealed file itself) is the authorization to see the record.
A freshly sealed document can briefly show SEALED without a verify link while its verification code is being generated. The badge is still earned — the artifact hash is on record — and the card points at the verification drop portal at signsealship.com/verify, where uploading the sealed file resolves its record.

RECORDED

RECORDED means our systems logged that a milestone happened — a document finished signing, a package shipped — but no independent cryptographic artifact backs that specific claim. It is honest attestation, clearly labeled as attestation. This distinction runs through everything:
  • A room card shows RECORDED for a signed-but-not-yet-sealed document.
  • A Closing Passport labels every statusAtSnapshot as attestation, distinct from the hash fields beside it.
  • A RECORDED item never renders a verify link, because there is nothing independent to verify.
If you need a claim to survive scrutiny that does not extend to trusting SignSealShip, get it SEALED.

No evidence yet

Pending items say “no evidence yet” in those words. Not a spinner, not a softened euphemism, not an empty space that invites assumption — an explicit statement that nothing is on record. Two related fail-safe rules:
  • Unknown statuses read as open. If a room encounters an order status it does not recognize, the document renders as open — never as complete. New states fail toward “less claimed”, not more.
  • Absence is stated, not padded. In a Closing Passport manifest, hash fields exist only when the artifact exists. A missing sealedSha256 key is the record that no seal exists.

Verifying without trusting us

Every SEALED claim is checkable through channels SignSealShip does not control:
1

Open the sealed PDF in a signature viewer

The KMS signature and byte-range tamper evidence validate in a standard PDF signature panel, offline, with no SignSealShip involvement.
2

Check the public verify URL

/v/{verifyCode} (or /v/room/{verifyCode} for a Closing Passport) shows the custody record — hashes and seal time — with no account and no login.
3

Recompute the hashes yourself

SHA-256 the sealed file you hold and compare it to the recorded sealedSha256. For passports, re-canonicalize the manifest and re-hash it; the chain must recompute cleanly.
4

Verify the timestamps independently

The RFC 3161 token validates against the issuing authority; the OpenTimestamps proof validates against the Bitcoin blockchain with standard open-source tooling.
If SignSealShip disappeared tomorrow, every SEALED artifact would still verify. That is the bar the vocabulary is built around.

Where the vocabulary appears

  • Room cards — each attached document carries exactly one badge. See Closing Rooms.
  • Closing Passports — hashes are evidence; statuses are labeled attestation; coverage is enumerated. See Closing Passport.
  • Verify pages/v/{code} and /v/room/{code} show only what the record holds.
  • Webhook events — deliveries carry verify codes and hashes, never inflated claims. See the webhooks guide.