I can see the PDF and Certificate can be automatically merged by selecting the ‘Attach certificate of completion to envelope’ option.
My question is, why doesn’t this occur by default? Can merging the documents create a security concern?
I can see the PDF and Certificate can be automatically merged by selecting the ‘Attach certificate of completion to envelope’ option.
My question is, why doesn’t this occur by default? Can merging the documents create a security concern?
Hi Xavier,
There is no security concern with either merging or not merging the documents because the data is always stored securely in DocuSign’s servers.
A customer may not want to merge documents for a couple of reasons. If users are using Digital Signatures (a typical practice outside the US), additional cryptographic information is added to the document. This additional cryptographic information is invalidated if any change is made to the PDF (such as merging the certificate of completion). If a user wishes to keep the cryptographic information associated with their Digital Signatures, they would not want to combine PDFs.
Otherwise, a user may simply wish only to see the original PDF that was signed without the CoC.
Hi Xavier,
You are talking about the Envelope Delivery settings under Signing Settings in your eSignature account. The setting you refer to does not merge the PDF and the certificate of completion (CoC) into a single document. The CoC is included as a separate attachment to the completion email that is sent to senders and signers.
You can find all the details in the following DocuSign support article: https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=fur1583277359739.html&_LANG=enus
As andrew already stated, downloading a combined document, which will merge the PDF document(s) and the CoC into a single document is supported in general and does not affect security at all. However with digital signatures, they will be removed in the combined document as the merge will break the personal certificate and it would show as invalid. Therefore, it is recommended to download the documents separately for non standard electronic signatures. Every document that is downloaded from DocuSign will have a DocuSign Platform Seal (certificate) added to make it tamperproof and provide an extra layer of security.
Great, thank you both!
Hello
Thank you for reaching out here in the DocuSign Community.
I apologize for the inconvenience, this is a follow up on your post.
Was the information provide useful? Let us know if you need further assistance with this.
Best regards,
Christopher | DocuSign Community Moderator
"Select as Best" below if you find the answer a valid solution to your issue.
Hi
I hope you are doing well.
I would like to confirm if you were able to solve your issue by utilizing the solution that was suggested.
If so, please mark it as the best answer by clicking “Select as Best” to make it easier for other users to find.
Otherwise, feel free to let me know and I will gladly help you address the situation as soon as possible.
Best regards,
Christopher | DocuSign Community Moderator
"Select as Best" below if you find the answer a valid solution to your issue.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.