Signature and Certification

An IsoFind report generated in its final version (not a preview) is cryptographically signed. This signature guarantees the document's origin and integrity: any reader with the corresponding public key can verify that the document has not been modified since its production and that it was indeed issued by the claimed workstation. This page describes the mechanism, what it guarantees, what it does not, and how to use it in practice.

What the signature guarantees

The cryptographic signature of an IsoFind report ensures three well-defined properties.

Property | Definition
Integrity | No byte of the document has been modified since its generation. A single altered comma invalidates the signature.
Authenticity | The document was produced by the IsoFind workstation holding the associated private key.
Technical Non-repudiation | The issuer cannot technically deny having produced the document, provided their private key has not been compromised.

What the signature does NOT guarantee

It is crucial not to over-interpret what a cryptographic signature provides. Several properties often associated with the idea of a "certified report" are not guaranteed by the signature itself.

  • The signature says nothing about the scientific accuracy of the content. A report can be signed and still be incorrect.
  • The signature does not certify the author's competence. Anyone can install IsoFind and sign reports.
  • The signature does not replace regulatory approval or accreditation. A signed report is not automatically admissible in an administrative framework that requires COFRAC accreditation or equivalent.
  • The signature does not prove that no content was omitted. It covers what is in the document, not what might be missing.

Confusion between cryptographic signature and scientific validation is common, and the marketing of certain tools sometimes sustains it in a misleading way. IsoFind is intentionally conservative on this point: the signature is a tool for integrity and traceability, not a proof of quality.

Technical Mechanism

The signature uses ECDSA (Elliptic Curve Digital Signature Algorithm) on the P-256 curve, a standard widely deployed and recognized by national and international security frameworks. Each IsoFind workstation has its own private and public key pair. The private key is stored in an encrypted container specific to the workstation. The public key is freely distributable and is used to verify issued signatures.

Step | Detail
1. Hash Calculation | SHA-256 of the final PDF content.
2. Hash Signing | ECDSA P-256 using the workstation's private key.
3. Packaging | Signature, hash, public key identifier, and timestamp attached to the PDF.
4. Certification Block | The final page of the report displays the hash, key ID, and a standardized certification statement.

The Certification Block

The certification block is one of the standard blocks in the catalog (Conclusion category, nature "none"). It is included by default in all templates and generates the final page of the report with the following elements: standardized certification statement, SHA-256 document hash, workstation public key identifier, signature timestamp, and verification instructions.

The standardized statement clearly specifies what the signature guarantees and what it does not, in the terms mentioned above. This standardization prevents misunderstandings when the document is handled by non-technical recipients.

The Certification block should not be removed from a report intended for external distribution. It is what makes the signature actionable for the reader. A report signed without a Certification block remains technically verifiable, but the procedure is less accessible for a non-technical recipient.

Verifying a Received Report

A recipient who receives a signed report has several options to verify the signature, from the simplest to the most rigorous.

Method | Audience | Requirement
IsoFind Online Tool | Non-technical reader | Internet access, drag-and-drop the PDF.
Local IsoFind Application | IsoFind User | IsoFind installed, open the file.
OpenSSL Command Line | Technical Expert | OpenSSL knowledge, public key file.
'isof' Python Library | Automated Integration | isof package installed via pip.

In all cases, the verification results in a binary outcome: valid or invalid signature. An invalid signature may indicate either a modification of the document (intentional or accidental) or an attempt to substitute a fraudulent report for another claiming to be the same.
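The OpenSSL route from the table above, as an added example (not IsoFind's own tooling): it signs a constructed file with a throwaway P-256 key, then shows that one altered comma or a different public key both give an invalid result. It assumes the signature is available as a detached file covering the whole document; how IsoFind packages the signature inside the PDF is not described on this page, and all file and function names here are hypothetical.

```shell
#!/bin/sh
# Added example with a constructed key pair and a constructed "report" file.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# report_status PUBKEY SIGNATURE FILE: prints "valid" or "invalid".
# openssl dgst hashes FILE with SHA-256 and checks the ECDSA signature over it.
report_status() {
    if openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
    then echo valid
    else echo invalid
    fi
}

# new_keypair NAME: throwaway P-256 (prime256v1) key standing in for a workstation key.
new_keypair() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1_private.pem"
    openssl ec -in "$WORK/$1_private.pem" -pubout -out "$WORK/$1_public.pem" 2>/dev/null
}

new_keypair ws       # the issuing workstation (constructed)
new_keypair other    # an unrelated key (constructed)

# Constructed stand-in for the final PDF bytes.
printf 'Sample A, delta = 1.25 permil\n' > "$WORK/report.pdf"

# Steps 1 and 2 of the mechanism: SHA-256 of the content, signed with ECDSA P-256.
openssl dgst -sha256 -sign "$WORK/ws_private.pem" \
    -out "$WORK/report.sig" "$WORK/report.pdf"

# One altered comma is enough to change the hash the signature was made over.
sed 's/,/./' "$WORK/report.pdf" > "$WORK/tampered.pdf"

echo "original, issuer key: $(report_status "$WORK/ws_public.pem" "$WORK/report.sig" "$WORK/report.pdf")"
echo "tampered, issuer key: $(report_status "$WORK/ws_public.pem" "$WORK/report.sig" "$WORK/tampered.pdf")"
echo "original, other key:  $(report_status "$WORK/other_public.pem" "$WORK/report.sig" "$WORK/report.pdf")"
```

The binary outcome does not say which of the two causes applies: a modified document and a signature checked against the wrong public key both come back as invalid.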

Laboratory Certificate

For users who wish to link their IsoFind workstation to a formal organizational identity (an analytical laboratory, a consultancy firm, an expert office), IsoFind offers a laboratory certificate system. This system relies on a three-level PKI.

Level | Role | Validity Period
IsoFind Root CA | Root anchor, signs intermediate CAs. | 20 years, renewal in 2046.
IsoFind Issuing CA | Signs laboratory certificates on HSM. | 5 years, renewal in 2031.
Laboratory Certificate | Identifies the organization issuing the reports. | 1 to 3 years depending on subscription.

A report signed by a certified organization contains, in addition to the basic signature, a certificate chain leading back to the IsoFind Root CA. A verifier can thus confirm not only the integrity of the report but also the identity of the issuing organization. The procedure for obtaining a laboratory certificate is described on a dedicated page.

Archiving and Long-Term Verification

Cryptographic signatures have a practical lifespan limited by the evolution of algorithms and threats. A report signed today with ECDSA P-256 should remain verifiable for at least twenty years, but this estimate is conditional on progress in cryptanalysis. For archives requiring verification over several decades, two complementary strategies are recommended.

  • Keep the original document in its signed format, without alteration.
  • Periodically re-sign with an up-to-date algorithm if the sensitivity of the document justifies it.
  • Archive the associated public key independently of the document, to prevent loss of access to the IsoFind service from making verification impossible.
  • For regulatory use, prefer the ISOF format, which adds an HMAC seal to the signature for long-term integrity.

Difference between Signed Report and ISOF Archive

IsoFind offers two distinct signed formats that correspond to two different use cases. The distinction is important.

Format | Content | Use Case
Signed PDF | Formatted report, readable in any PDF viewer. | Distribution to clients, authorities, or experts.
ISOF Archive | Structured set of project data, signed and HMAC sealed. | Long-term archiving, litigation, full project transmission.

Both formats are produced from the same IsoFind project and carry complementary guarantees. For a complete regulatory file, it is common to attach both the signed PDF (readable by the authority) and the ISOF archive (for traceability and technical reopening later).

A signed PDF can be archived in a traditional document repository (DMS, SharePoint, network file system) without special precautions. An ISOF archive, which is larger and intended for technical reopening, should be kept in a dedicated storage space with a retention policy adapted to the activity.

Reporting a Compromised Key

If a private key is compromised (workstation theft, exfiltration, suspicion of unauthorized use), the organization must report it to IsoFind so the corresponding public key can be revoked. A revocation list is maintained and consulted by verification tools. A report signed with a revoked key is flagged as invalid with an explicit mention of the revocation.

Revocation does not invalidate reports signed before the compromise, but it signals to the verifier that signatures made after the revocation date should be considered unreliable. This temporal granularity is important to avoid invalidating legitimate documents prior to the incident.
