How to Verify Singpass PDF Digital Signatures Online
A complete, step-by-step guide to verifying digital signatures on documents signed via Singapore's National Digital Identity (NDI) "Sign with Singpass" feature.
Upload your digitally signed PDF to pdfsigncheck.com. We will compute cryptographic hashes, validate PKCS#7 structures, and check the validity in seconds — 100% in-memory with zero file retention.
1. What is "Sign with Singpass"?
Sign with Singpassis a secure digital signing service introduced by the Government Technology Agency of Singapore (GovTech). It is part of Singapore's National Digital Identity (NDI) initiative, allowing Singpass app users to sign electronic contracts, agreements, and official applications digitally.
When a user signs a document using their Singpass app, they authenticate using biometrics (Face verification or Fingerprint) or their passcode. The app then triggers the generation of a secure digital signature bound to the resident's unique verified identity.
2. Netrust & Accredited Certifying Authorities in Singapore
Under Singapore's cryptographic architecture, the digital certificates used during a Singpass signing transaction are issued by Netrust CA. Netrust is Singapore's first licensed Qualified Certifying Authority under the Electronic Transactions Act.
Netrust cryptographically verifies the identity data provided by GovTech and binds it to a public-private key pair. When the user signs the PDF, the private key (stored securely in a hardware security module managed by Netrust) signs the document hash, creating a PKCS#7/CMS signature block embedded directly into the PDF.
3. How to Verify Singpass Signatures on pdfsigncheck.com
To check the authenticity of a Singpass-signed document and verify that the content has not been tampered with since signing, follow these steps:
- Upload original PDF: Drag your signed document into the verifier on pdfsigncheck.com. Do not scan or photocopy the printed document, as this removes the digital cryptographic block.
- In-Memory Processing: Our system reads the PDF structure, locates the byte ranges, and extracts the PKCS#7 signature dictionary.
- Signature Verification: We decrypt the signed digest using the public key in the Netrust certificate, check the validity of the certificate chain, and confirm the document has not been altered.
- Read Signing Metadata:The results box displays the signing date, the signer's name, and the Netrust issuer details.
4. Security Features of Singpass Signed Documents
Singpass digital signatures utilize a robust cryptographic setup to ensure extreme document security:
- Tamper Detection: If a single word, number, or field is modified after the signature is applied, the cryptographic hash verification fails, indicating the document is invalid.
- Non-Repudiation: Because the signing keys are bound to a verified GovTech identity and secured within Netrust HSMs, the signer cannot deny signing the document.
- GDPR & PDPA Compliance: The signing transaction contains only necessary identity descriptors. PDF SignCheck verifies these files temporarily in memory and never stores them.
5. Legal Validity Under Singapore's Electronic Transactions Act (ETA)
In Singapore, digital signatures created under the National Digital Identity (NDI) framework are governed by the **Electronic Transactions Act (Cap. 88)**.
The ETA recognizes **Secure Electronic Signatures**, which carry a legal presumption of authenticity and integrity. Under Section 18 of the ETA, when a secure electronic signature is verified:
- The signature is presumed to be that of the person to whom it is correlated.
- The secure electronic record is presumed not to have been altered since the specific point in time the signature was created.
This makes Singpass signatures fully admissible in Singapore courts and accepted by major statutory boards such as ACRA, IRAS, and the CPF Board.
6. Troubleshooting & Frequently Asked Questions
Zero-Knowledge Privacy
Files are processed strictly in secure memory modules inside your local browser. No server storage.
Cryptographic Standards
Fully compliant with IETF RFC 5652 (CMS), Adobe PDF specs, eIDAS, and Controller of Certifying Authorities (CCA).
Verify Anonymously
No personal registration or document tracking is required. Verify up to 2 files daily as guest.
Detailed Audit Trails
Generates downloadable, verified PDFs with structural signature stamps and trust summaries.
Edge Sandbox Security
Verification executes inside sandboxed browser modules to ensure isolated document handling.
Zero Data Logging
Absolutely no logging of files, names, email contents, or signature details. Pure privacy.