← Home
Thesis · 2025 · Lead developer / thesis

DocuTrack

Tamper-evident document verification: a hybrid AES-256-GCM + RSA-PSS signing pipeline with an offline verifier that proves a file is untouched — without trusting the channel it travelled through.

PythonFastAPIPostgreSQLAES-256-GCMRSA-PSS
DocuTrack landing page reading 'Documents that prove they haven't been touched', beside a template → encrypted → signed → sealed pipeline

The problem

Documents that move between organisations need a way to prove they have not been altered, without trusting the channel they travelled through.

Approach

A signing service seals each document with AES-256-GCM for confidentiality and integrity, then signs the result with RSA-PSS so the origin can be verified.

A separate verifier service re-checks signatures and runs fully offline, so verification never depends on the signing host being reachable.

Decisions

Why AES-256-GCM and RSA-PSS together, not one

GCM gives authenticated encryption — confidentiality plus a tamper check — but it is symmetric, so it cannot prove who signed. RSA-PSS adds verifiable origin. Splitting the two roles keeps each primitive doing the one job it is strong at.

Offline verifier as a separate service

Verification is the trust-critical path. Isolating it from the signing service gives it a smaller surface, no database writes, and the ability to run where the signing host is not reachable.