Tamper‑Evident Legal & Trust Documents (Signed Manifest)
How to make legal/trust PDFs tamper-evident using signed manifests and deterministic digests. PDF is controlling; editable copy available on request.
Summary: How to make legal/trust PDFs tamper-evident using signed manifests and deterministic digests.
| Document ID | MVG-DOC-MANIFEST-1.0.1 |
|---|---|
| Version | 1.0.1 |
| Effective date | 2026-02-10 |
| Status | Public |
| Classification | Trust / legal hardening (public-safe) |
| Formats | PDF (controlling) • Editable copy (request) |
| Primary contact | legal@meridianverity.com (legal) |
| Security contact | security@meridianverity.com |
| Privacy contact | privacy@meridianverity.com |
| SHA-256 (PDF bytes) | 55098a28faf6e8957e3779e65d6b6ba17cc7d009dc2e677261c8c85b43b097dd |
| Bytes | 84,491 |
1. Plain-language summary (non-binding)
Specifies how MVG can make legal and trust PDFs tamper‑evident using deterministic digests (SHA‑256) and a signed manifest (DSSE envelope).
Design is “nitpick-proof” by construction: immutability (never overwrite versioned PDFs), deterministic hashing over served bytes, explicit key IDs and rotation, and optional timestamping for stronger time-of-publication evidence.
Note: this strengthens integrity verification, but does not replace jurisdiction-specific notarization or legal authenticity requirements.
Related: /trust, /verify, /attack-surface
Legal boundaries (procurement-safe)
Non‑binding by default: website publications are for transparency and procurement review. If you have a signed agreement with MVG, the agreement controls.
No SLA unless contract: any response times or availability targets are objectives only unless explicitly included in an executed SLA.
No license grant: No patent license by publication.
For evidence verification workflows, see /trust and /verify.
Integrity note
For reproducible integrity checks, compare the SHA‑256 above against the bytes you downloaded. The mirror should match.