File Signatures & Verification

Every file you upload to GolemDrive gets a cryptographic signature — a digital fingerprint that proves the file has not been tampered with. You can use this signature to verify that a file is exactly the same as when it was uploaded, with no modifications in transit or on the server.

What is a file signature?

A file signature is a unique string of characters calculated from the file’s contents using a cryptographic algorithm. Think of it like a fingerprint for your file. If even a single byte of the file changes, the signature changes completely. This means you can compare signatures to confirm a file is intact and unmodified.

GolemDrive calculates an MD5 checksum for every file at upload time and stores it as the file’s signature.

View a file’s signature in the dashboard

Open your dashboard and find the file you want to check.
Right-click the file to open the context menu.
Click Signature (or look for the signature/fingerprint option in the context menu).
A dialog appears showing the encrypted signature string for that file.
Click Copy to copy the signature to your clipboard.

You can share this signature with recipients so they can independently verify the file has not been altered.

Verify a file’s integrity in the portal

When someone downloads a shared file, they can verify it matches the original by checking the MD5 checksum.

The recipient downloads the file through the share link.
The recipient goes to the Verify page on the GolemDrive portal.
They upload or select the downloaded file.
The portal calculates the file’s MD5 checksum and compares it with the stored signature.
If the checksums match, the file is verified as intact and unmodified.
If the checksums do not match, the file may have been corrupted or tampered with during download or storage.

Verify a file using the CLI

If you use the GolemDrive command-line tool, you can check signatures and verify files directly from your terminal.

Get a file’s signature

Open your terminal.
Run the following command, replacing <file-uuid> with the file’s UUID:
Terminal window
```
golemdrive signature <file-uuid>
```
The signature string is printed to your terminal.
You can copy it and share it with anyone who needs to verify the file.

Verify a file’s integrity

Open your terminal.
Run the following command:
Terminal window
```
golemdrive verify
```
The CLI checks the file’s current checksum against the stored signature.
It reports whether the file is intact or if a mismatch was detected.

When to use file signatures

Sending important documents. Share the file and separately share the signature. The recipient can verify the file matches after downloading.
Legal or compliance files. Prove that a document has not been altered since it was uploaded.
Software distribution. Let users verify that a downloaded program or update is the genuine, unmodified version.
Detecting corruption. If a file seems damaged or behaves unexpectedly, verify the signature to check if it was corrupted during download.
Audit trails. Keep a record of file signatures to prove at a later date that a specific version of a file existed at a specific time.

How it works behind the scenes

When you upload a file, GolemDrive calculates the MD5 checksum of the file before encryption.
The checksum is stored alongside the file’s metadata.
When someone downloads the file, they can recalculate the checksum on their end and compare it to the stored value.
A match confirms the file is identical to what was uploaded. A mismatch means something changed.

This verification is separate from GolemDrive’s encryption. The file is encrypted with AES-256-GCM for security, and the checksum provides an additional integrity guarantee.

Quick reference

Action	How to do it
View a file’s signature	Right-click the file in dashboard, click Signature, click Copy
Verify in the portal	Go to the Verify page, upload the file, compare checksums
Get signature via CLI	Run `golemdrive signature <file-uuid>`
Verify via CLI	Run `golemdrive verify`