> ## Documentation Index
> Fetch the complete documentation index at: https://docs.klariqo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Signed vCons

> How a JWS signature makes a Klariqo record tamper-evident, and what the signature does and does not prove.

Every Klariqo compliance record is signed so that any change to it is detectable. This page explains what the signature is, and what it does and does not prove.

## How the signature works

<Steps>
  <Step title="The recording is fingerprinted">
    A SHA-512 content hash is computed over the recording and stored in the record. It ties the record to that exact audio.
  </Step>

  <Step title="The record is signed">
    A JWS signature (RS256) is computed over the whole record. The signature carries Klariqo's signing certificate, so a verifier has what it needs to check it.
  </Step>

  <Step title="Tampering becomes visible">
    Any later change to the record, even a single character, makes the signature fail verification. There is no silent edit.
  </Step>
</Steps>

## What the signature proves

* **Integrity.** The record is exactly what was signed, unchanged. This is the strong, independent guarantee.
* **Origin, self-asserted.** It was signed by Klariqo's published key. Self-asserted means we publish our key and you can check a record was signed by it. Klariqo is not a certificate authority, and the signature does not chain to a government or third-party root.

## What it does not prove

<Warning>
  A valid signature proves the record's integrity and origin. It is not a legal judgment. It does not by itself make a call lawful, prove consent, or make you compliant. See [the evidence boundary](/compliance-records/evidence-boundary).
</Warning>

## Verify it yourself

<Card title="Verify a vCon" icon="circle-check" href="/compliance-records/verify-a-vcon">
  Paste or upload any record and check the signature in your browser.
</Card>