Paste the SHA-256 from the cover page, or upload the PDF directly. The verifier confirms whether the file was signed by Northbeams on the date it claims and whether the contents have been altered since. Public. No login. No account required.
The hash on the cover page of the pack. Either paste it or drop the PDF and we'll compute it locally.
Organization name is shown to authenticated requestors only. Sign in to your Northbeams workspace to see the full cover.
This hash does not correspond to a Northbeams-signed pack, or the pack has been altered since signing. Re-download the original PDF from your dashboard and try again.
If you believe this is in error, email auditor-support@northbeams.com.
01 / How the signature works
Each Evidence Pack carries a SHA-256 of its underlying event log plus a detached HMAC signature. Verification confirms the signature, the hash, and the signing identity.
HMAC-SHA256CN=Northbeams Evidence v1Daily event batches are append-only, with each batch's header carrying the previous batch's hash. Tampering with history breaks the chain. The pack carries the chain's tail hash so verification covers history, not just the document.
SHA-256X.509 v2 lands within 90 days, with optional customer-side key escrow for the Compliance Enterprise tier. Verifications made today against v1 packs will continue to verify after v2 ships.
02 / Signing key fingerprint
For auditors who prefer to verify off-network, the current signing-key fingerprint is published here. Rotation is logged in /changelog with at least 30 days notice.
03 / Auditor support
If you're an auditor and a pack you received doesn't verify, or you need supplementary evidence from the originating organization, email auditor-support@northbeams.com. We respond within one business day. We will not share customer data with you directly; the customer is the data owner. We will help you reach them.