Verification Engine

Full reference for verifying PDF, XML, and PKCS#7 signatures — integrity, certificate chain, revocation, and tamper detection.

All features supported

Every verification capability listed below is implemented and working on Mobile App and Desktop Software. Verification runs locally or via REST API without requiring a connected DSC token.

Overview

The verification engine validates signed documents by checking cryptographic integrity, signer certificate validity, chain trust to CCA India roots, revocation status (CRL/OCSP), and optional timestamp tokens.

Verification does not require a DSC token — runs on signed artifacts only.
Supports PDF (PAdES), XML (XMLDSig), and PKCS#7/CMS detached and attached signatures.
Returns per-signature detail for multi-signer documents.

Platform Support

Feature	Mobile App	Desktop Software	REST API
Verify PDF Signature	Supported	POST /verify/pdf	POST /verify/pdf
Verify XML Signature	Supported	POST /verify/xml	POST /verify/xml
Verify PKCS#7	Supported	POST /verify/pkcs7	POST /verify/pkcs7
Verify Certificate Chain	Validation engine	Built-in	POST /certificates/validate
Verify Timestamp	TSA verify	`timestampValid` field	`timestampValid` field
Verify Revocation	CRL/OCSP	`revocationStatus`	`revocationStatus`
Document Integrity	Digest check	`integrityValid`	`integrityValid`
Tamper Detection	Integrity engine	`tampered` field	`tampered` field

Verify PDF

Field	Type	Required	Description
`pdfBase64`	string	Yes	Base64-encoded signed PDF
`checkRevocation`	boolean	No	Run CRL/OCSP checks (default `true`)
`signatureIndex`	number	No	Verify specific signature (default: all)

Verify XML

Field	Type	Required	Description
`signedXml`	string	Yes*	Signed XML string (*or `xmlBase64`)
`signatureId`	string	No	Verify specific signature Id
`checkRevocation`	boolean	No	Run CRL/OCSP checks (default `true`)

Verify PKCS#7

Field	Type	Required	Description
`p7sBase64`	string	Yes	Base64-encoded PKCS#7 / CMS signature
`detachedContentBase64`	string	Detached only	Original file content for detached P7S
`checkRevocation`	boolean	No	Run CRL/OCSP checks (default `true`)

Certificate Checks

Each verification response includes certificate validation detail:

Field	Description
`certificateValid`	Chain validates to CCA India root
`notExpired`	Certificate within validity period at signing time
`revocationStatus`	`good`, `revoked`, or `unknown`
`ocspValid`	OCSP responder confirmed status
`timestampValid`	TSA timestamp signature valid
`integrityValid`	Document digest matches signature
`tampered`	`false` when integrity valid; `true` if document modified after signing

Examples

curl -X POST https://api.securesign.toolsbots.com/v1/verify/pdf \
  -H 'Authorization: Bearer ss_live_abc123xyz' \
  -H 'Content-Type: application/json' \
  -d '{"pdfBase64":"JVBERi0x...","checkRevocation":true}'

curl -X POST https://api.securesign.toolsbots.com/v1/verify/xml \
  -H 'Authorization: Bearer ss_live_abc123xyz' \
  -H 'Content-Type: application/json' \
  -d '{"signedXml":"<Invoice>...<ds:Signature>...</ds:Signature></Invoice>"}'

curl -X POST https://api.securesign.toolsbots.com/v1/verify/pkcs7 \
  -H 'Authorization: Bearer ss_live_abc123xyz' \
  -H 'Content-Type: application/json' \
  -d '{"p7sBase64":"MIIG...","detachedContentBase64":"..."}'

Response

PDF verification

{
  "valid": true,
  "tampered": false,
  "signatures": [
    {
      "signer": "Rajesh Kumar",
      "signedAt": "2026-06-22T10:30:00Z",
      "integrityValid": true,
      "certificateValid": true,
      "notExpired": true,
      "revocationStatus": "good",
      "ocspValid": true,
      "timestampValid": true,
      "signatureField": "Signature1",
      "algorithm": "SHA256withRSA"
    }
  ]
}

XML verification

{"valid":true,"digestValid":true,"signatureValid":true,"signer":"Rajesh Kumar","revocationStatus":"good","tampered":false}

PKCS#7 verification

{"valid":true,"integrityValid":true,"certificateValid":true,"signer":"Rajesh Kumar","revocationStatus":"good","tampered":false}

Errors

Code	Cause	Resolution
`SS_NO_SIGNATURE_FOUND`	Document has no signatures	Verify correct signed artifact submitted
`SS_SIGNATURE_INVALID`	Cryptographic verification failed	Document may be tampered or signature corrupt
`SS_CERT_REVOKED`	Signer certificate revoked	Contact signer; obtain new signature
`SS_CERT_EXPIRED`	Certificate expired at signing time	Re-sign with valid certificate
`SS_TAMPERED`	Document modified after signing	Obtain original signed copy
`SS_OCSP_UNAVAILABLE`	OCSP responder unreachable	Retry; check CRL fallback result