BlockSign is a thin layer over Solana — and that's the point. The fewer moving parts between your document and the receipt, the less attack surface there is for anyone to forge a signature. Here's how the pieces fit together.
Every byte between your browser and BlockSign — including signer-side traffic — moves over TLS 1.3 with HSTS preload. Mixed-content downgrade attacks are blocked at the edge.
PDFs live in Supabase storage with AES-256 encryption at rest. Row-level security policies on the database keep signed-out clients away from documents they're not authorized for.
Each signed version produces a SHA-256 digest of the exact bytes shown to signers. The digest is committed to Solana mainnet as a memo transaction. The chain is the receipt.
Signers never need a wallet. BlockSign holds a single payer keypair that signs the memo transaction on behalf of the network. The keypair is loaded from a secret env var — never bundled, never logged, never exposed to the client.
Anyone holding a signed PDF can verify it — with or without a BlockSign account, and without trusting any code we run. The verifier is open source under the MIT license, the protocol is fully specified, and the npm package can be installed and audited line by line. Only the verifier is open source; the BlockSign platform itself is closed.
Every view, draft revision, and signature is appended to an internal event log. Each signature also produces its own on-chain memo, so the chain itself becomes a tamper-evident audit trail.
We run a coordinated-disclosure policy. Report a vulnerability privately and we'll work with you to fix it — no legal threats, no NDAs required to file. Public credit on request.
