Welcome to the “How It Works” overview. Below, we dive deeper into how HashLog certifies files, secures them on the blockchain, and verifies authenticity using Polygon — a high-speed, cost-effective Layer-2 solution.

• 1. File Hashing (Client-Side):
  Before any certificate is created, we calculate a unique fingerprint (SHA-256 hash) of your file directly in your browser. This ensures:
  • No file data ever leaves your device. We only work with the hash.
  • Privacy remains intact as no third party sees or stores your actual file content.
  • High performance since hashing is local and not dependent on network speed.
• 2. Certificate Creation & Signing:
  We generate a certificate containing:
  • Your file hash (the unique fingerprint)
  • Metadata (timestamp, expiry date, issuer info, etc.)
  • A digital signature, using our private key
  The signature ensures authenticity and integrity because it cryptographically ties the certificate to the file hash and prevents tampering.
• 3. Blockchain Anchoring (Polygon):
  We then anchor the certificate’s and file's combined hash on the Polygon blockchain. Polygon is chosen because:
  • It offers low transaction costs (gas fees are minimal compared to Ethereum mainnet).
  • It provides high throughput for faster confirmations.
  • Any data recorded on-chain is immutable—adding transparency and trust.
  This public ledger entry ensures a permanent, verifiable record that your certificate exists and hasn’t been altered.
• 4. Verification & Proof:
  Future integrity checks are straightforward:
  • You (or anyone) re-hash the same file to get a local hash.
  • Compare that hash to the one inside the certificate’s metadata.
  • Confirm via Polygon that the certificate’s on-chain reference matches the combined (file hash + signature).
  If the hashes match and the signature is valid, the file is proven authentic. If not, the file or certificate have been tampered with or are invalid.

This approach combines the benefits of local privacy (all hashing in your browser) with the trustless immutability of a public blockchain—ensuring your documents are safeguarded and verifiable for as long as the blockchain remains operational. Feel free to explore or contact support if you have further questions!

5. Public Verification Key

Anyone can independently verify Hashlog certificates using the public key below.

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrI7aTESyXN8Mno8oyKy
wZDNmEtH7XX8bOTGZmfClj43KaOKAr9pnbK6Q5TzrvfSjO5rZI9WF6EMV0seQpVn
RKNYxzh709LdMrTcmvdNAEh1oAsP7DHbJXTkjJu/JSWCIj3D0t5p58z89QglJWsG
FPodU7K8eXKYeCvP9jccWuA5bq6JIA+UHoR1cn4UOkq5rZ/N9f3eJtJc0/IciCp8
gL+r/ZZQY3uJ+yYV8Ob8wRX0mIHO8pSHm2x9i9g6yq8hCPYasvR63zvw6yvMrbkU
uasPnmL8JHq1Jz38hmHnax/2jjkIuAngVZEPnRFo0d86vbKUdKbv3ywUmzAAYQBa
PwIDAQAB
-----END PUBLIC KEY-----

Want to reproduce the exact signature check done by Hashlog? After loading the JSON certificate, remove the fields transaction_id and signature before calling:
$verificationResult = openssl_verify($dataToVerify, $decodedSignature, $publicKey, OPENSSL_ALGO_SHA256);
This mirrors the server‑side logic (verifyCertificate()) and guarantees that the digest you verify is identical to the one originally signed.