Digitally accepting an agreement on Vestd
When an option or growth share is accepted on Vestd we capture acceptance of the agreement document as a digital signature.
This digital signature confirms that the recipient accepted the agreement as it was presented at the time.
We do this by creating a unique fingerprint of the document and combining it with the verified email address of the signer, this along with their IP address, and browser details form the complete digital signature.
If the document is subsequently changed the digital signature will no longer match, this allows us to detect changes.
This digital signature can also be verified independently of Vestd allowing anyone to confirm the digital signature presented on the application belongs to the agreement document.
The current version of the signature can be computed by taking the lowercase MD5 hash of the pdf and passing it to the HMAC-MD5 hash function with the encryption key set to the verified email address of the accepting user.
In addition to this, we store an encrypted copy of the digital signature. This allows us to detect if the signature has been tampered with.