Sounds like there's pretty clear evidence present on the RightSignature site, but they really need to provide a way to verify a document without the site being up and intact. That certification page is basically worthless otherwise.
The PDF format supports this, at least Adobe Reader can validate a signed PDF if it's signed in a certain way[1]. I know DocuSign does this - and Reader even has a little button to view the signed version (embedded in the PDF, I think)[2].
[1]: https://helpx.adobe.com/acrobat/desktop/e-sign-documents/man...
[2]: Example in Adobe Reader: https://i.moveything.com/1cf1e4ea5619 (redacted partly by me)
It's difficult, because the certification page is part of the PDF so obviously can't include a hash or signature of itself. And you can't just rely on a hash since someone could tamper with the file and just update the hash. A well defined way to extract the signed payload would work, but their design doesn't currently involve any cryptography so it would be a pretty wholescale redesign.
It feels like you need to sue them for scamming you with fake documents. Their attempts didn't work on you, but it might've scammed many others.
I so wish there was a conclusion on what happened with the leasing agency
As yet, nothing - I'm in the process of drafting a complaint to the department of Real Estate, but the agency hasn't said anything further
Sounds like there's pretty clear evidence present on the RightSignature site, but they really need to provide a way to verify a document without the site being up and intact. That certification page is basically worthless otherwise.
The PDF format supports this, at least Adobe Reader can validate a signed PDF if it's signed in a certain way[1]. I know DocuSign does this - and Reader even has a little button to view the signed version (embedded in the PDF, I think)[2]. [1]: https://helpx.adobe.com/acrobat/desktop/e-sign-documents/man... [2]: Example in Adobe Reader: https://i.moveything.com/1cf1e4ea5619 (redacted partly by me)
It's difficult, because the certification page is part of the PDF so obviously can't include a hash or signature of itself. And you can't just rely on a hash since someone could tamper with the file and just update the hash. A well defined way to extract the signed payload would work, but their design doesn't currently involve any cryptography so it would be a pretty wholescale redesign.