BlockSign is a thin layer over Solana — and that's the point. The fewer moving parts between your document and the receipt, the less attack surface there is for anyone to forge a signature. Here's how the pieces fit together.
Every byte between your browser and BlockSign — including signer-side traffic — moves over TLS 1.3 with HSTS preload. Mixed-content downgrade attacks are blocked at the edge.
PDFs live in Supabase storage with AES-256 encryption at rest. Row-level security policies on the database keep signed-out clients away from documents they're not authorized for.
Each signed version produces a SHA-256 digest of the exact bytes shown to signers. The digest is committed to Solana mainnet as a memo transaction. The chain is the receipt.
Signers never need a wallet. BlockSign holds a single payer keypair that signs the memo transaction on behalf of the network. The keypair is loaded from a secret env var — never bundled, never logged, never exposed to the client.
Anyone holding a signed PDF can verify it — with or without a BlockSign account. The transaction signature is embedded in the file's metadata; the verifier hashes the bytes and compares against the on-chain memo.
Every view, draft revision, and signature is appended to an internal event log. Each signature also produces its own on-chain memo, so the chain itself becomes a tamper-evident audit trail.
We run a coordinated-disclosure policy. Report a vulnerability privately and we'll work with you to fix it — no legal threats, no NDAs required to file. Public credit on request.