How to verify a digital certificate (and prove it's authentic)
Published Jun 25, 2026
To verify a digital certificate, you re-check three things: the issuer’s cryptographic signature, the hash fingerprint of the exact contents, and whether the issuer has revoked it. With SwanShare you can do all three for free at /verify — no account, just the verification ID or the credential file.
A digital certificate is only as good as your ability to prove it’s real. A PDF with a logo and a signature image proves almost nothing — anyone can copy a layout. Real verification doesn’t trust how a document looks; it checks the math underneath. This guide explains what that math is and walks through verifying a credential step by step.
What does “verifying” a digital certificate actually mean?
Verifying means answering three questions with cryptography rather than trust:
- Who issued it? A valid digital signature proves the certificate was signed by a specific organization’s private key — and only the holder of that key could have produced it.
- Has it been altered? A hash fingerprint (SHA-256) is computed over the exact contents. Change a single character — a name, a date, a grade — and the fingerprint no longer matches.
- Is it still valid? Issuers can revoke a credential. Honest verification reflects revocation, so an expired or withdrawn certificate doesn’t silently pass.
If all three check out, you don’t have to trust the person who handed you the certificate, and you don’t even have to trust the verification service — the proof stands on its own.
Why isn’t a PDF or a photo enough?
A scanned certificate or an exported PDF carries no cryptographic proof. It can be edited in minutes: change the name, bump the score, move the date. Even a “signature” drawn on the page is just pixels. Email forwarding, screenshots, and re-saving all strip away any chance of proving origin. That’s exactly the gap cryptographic credentials close — the proof travels with the credential and can be re-checked by anyone, forever.
How does the cryptography work, in plain terms?
SwanShare credentials are built from a few well-understood primitives:
1. A digital signature (RSA-PSS)
When an organization issues a credential, it signs the contents with its private signing key using RSA-PSS. The matching public key can verify that signature, but it can’t be used to forge a new one. No private key, no valid signature — so an impostor can’t mint a credential in your name.
2. A hash fingerprint (SHA-256)
A SHA-256 hash is a fixed-length fingerprint of the exact bytes of the credential. It’s deterministic (same input, same fingerprint) and tamper-evident (any change produces a wildly different fingerprint). Verification recomputes the hash and compares it to what was signed.
3. An anchor that proves when
Each credential’s fingerprint is written to a tamper-evident, hash-chained ledger, so records can’t be quietly backdated or rewritten. SwanShare batches many fingerprints into a Merkle tree and anchors the single root, which makes a whole batch provable at once. For stronger, independent timestamping you can opt in to anchoring batches to a public blockchain (EVM) or to OpenTimestamps. The built-in ledger is the default; public-chain anchoring is optional.
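The batching step described above, shown as an added example that is not SwanShare's own code: building a Merkle root over SHA-256 fingerprints and checking that one credential is included under the anchored root. The tree layout (0x00/0x01 prefixes, an unpaired node promoted unchanged), the sample batch and all function names are assumptions, since the page does not specify SwanShare's actual format.

```python
import hashlib
import hmac

# Assumed layout (not SwanShare's documented format): RFC 6962-style prefixes
# keep a leaf from being reinterpreted as an interior node.
def leaf_hash(credential: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + credential).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
               for i in range(0, len(cur), 2)]
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with the side the sibling sits on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify_inclusion(credential: bytes, proof, anchored_root: bytes) -> bool:
    """Recompute the root from the credential bytes and compare with the anchor."""
    h = leaf_hash(credential)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(h, anchored_root)

# Constructed sample batch (illustrative credential contents, not real records).
BATCH = [f"name=Student {i};course=Crypto 101;grade=B+".encode() for i in range(5)]
LEVELS = build_levels([leaf_hash(c) for c in BATCH])
ROOT = LEVELS[-1][0]  # the single value that would be anchored

if __name__ == "__main__":
    proof = inclusion_proof(LEVELS, 2)
    print("original :", verify_inclusion(BATCH[2], proof, ROOT))
    print("tampered :", verify_inclusion(BATCH[2].replace(b"B+", b"A+"), proof, ROOT))
```

A verifier needs only the credential bytes, the short proof path and the anchored root; the other credentials in the batch are never disclosed.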
How do I verify a SwanShare credential, step by step?
- Open https://www.swanshare.site/verify in any browser.
- Paste the credential’s verification ID (it’s on the certificate / in the link you were given), or upload the credential file you received.
- SwanShare recomputes the SHA-256 fingerprint, checks the issuer’s RSA-PSS signature against their public key, and looks up the ledger anchor.
- Read the result: who issued it, when, whether the contents are unaltered, and whether it’s been revoked.
There’s no login and no cost for verification — it’s meant to be done by an employer, a registrar, or a customer who has never heard of SwanShare. If you have a signed PDF document rather than a credential, use /verify-document instead.
What should a verifier look for in the result?
- Issuer identity matches the organization you expected.
- Integrity passed — the contents haven’t changed since issuance.
- Status is active, not revoked or expired.
- The issue date is consistent with the ledger anchor.
If any of these fail, treat the certificate as unproven — not necessarily fraudulent, but not something you should rely on without contacting the issuer directly.
Can I verify credentials that weren’t issued by SwanShare?
If a credential is exported as a W3C Verifiable Credential or an Open Badges 3.0 credential, it can be checked by any conformant verifier or wallet, not just SwanShare. Standards-based credentials are portable: the cryptographic proof is embedded, so the recipient isn’t locked into one vendor’s website to prove what they earned.