Fortified Electronic Signature (FES)
FES (Fortified Electronic Signature) is meetergo's enhanced signing mode for PDF Template fields. When enabled, the system requires the signer to verify their email address with a one-time code before the PDF is accepted, and it generates a tamper-proof audit trail for every signed document.
The easiest place to enable FES for a simple document-signing flow is now E-Signatures in the sidebar. If you start from there, upload the PDF first and then enable email verification in the document setup. See Sending PDFs for Signature.
FES goes beyond a simple hand-drawn signature by capturing verifiable proof of identity and document integrity — making it suitable for documents where legal defensibility matters.
What FES Records
Every FES-verified submission creates an audit trail that includes:
| Data point | Description |
|---|---|
| Timestamp | Exact date and time the document was accepted |
| Email address | Verified email of the signer (confirmed via OTP) |
| IP address | Network address at the time of signing |
| Browser & device | User-agent information |
| SHA-256 hash | Cryptographic fingerprint of the final signed PDF |
| Integrity status | Whether the document has been tampered with since signing |
| Cryptographic signature | PKCS#7/CAdES signature embedded in the PDF file |
The SHA-256 hash is computed from the final signed PDF at the moment of acceptance. Any subsequent modification of the file would change its hash, which is then detectable via the integrity check in the submission view.
Cryptographic PDF Signature
In addition to the audit trail, every FES PDF is cryptographically signed (ETSI.CAdES.detached, the EU eIDAS standard). What this means:
- Opening the PDF in Adobe Acrobat Reader automatically validates the signature.
- Adobe shows "Document has not been modified since this signature was applied" — mathematical proof that the file is unchanged since signing.
- The signature embeds the signing timestamp and the signer (meetergo GmbH).
- To get the green check ✓ in Adobe, the certificate must be from an AATL-listed CA (enterprise configuration).
With our development certificate, Adobe shows a yellow warning and "Signer's identity is unknown." This does not mean the signature is invalid — it is cryptographically correct, but the issuing CA is not known to Adobe. For the green check on end-user devices, an AATL certificate (~€200/year) is required. Contact support if you need this.
Enabling FES on a PDF Template Field
FES is an option within the PDF Template field. To enable it:
- Open your routing form and go to the Builder tab.
- Click the pencil icon on an existing PDF Template field, or add a new one.
- In the PDF Template Editor, configure your field placements as needed.
- Under Signature settings, toggle on:
- Require signature — the signer must draw their signature
- Require email verification (FES) — the signer must verify their email via OTP
- Click Save.
Both toggles must be enabled for FES to activate. Email verification without a drawn signature, or a drawn signature without email verification, is not considered FES.
How It Works for the Signer
When a respondent reaches the PDF Template field with FES enabled:
- The pre-filled PDF is shown for review.
- The signer clicks Sign to open the signature field.
- Two modes are available:
- Draw — sign with mouse, trackpad, or finger (on touch devices). Color can be set to black, blue, or red.
- Type — type the name, which is automatically rendered in a handwritten-style font (Caveat) as a signature image.
- The system prompts for their email address (pre-filled if an email field was completed earlier in the form).
- A one-time code is sent to that email address.
- The signer enters the code to verify their identity.
- The signed PDF — with signature embedded and a cryptographic signature — is generated and uploaded to meetergo.
- The form can now be submitted.
The OTP code expires after a short period. If the signer doesn't receive the email promptly, they can request a new code.
Viewing the FES Audit Trail
After a form is submitted with FES:
- Go to Routing Forms and open the relevant form.
- Click on a submission to view its details.
- Scroll to the FES Audit Trail section.
The audit trail shows:
- Submission timestamp
- Verified signer email
- IP address and browser at the time of signing
- SHA-256 hash of the signed PDF
- Integrity status — a green indicator confirms the document has not been modified; a red indicator means the hash no longer matches the stored file
- Cryptographic signature status — for each signed PDF, indicates whether the embedded PKCS#7 signature was successfully applied, along with the signing timestamp
Who FES Is For
FES is designed for teams that need to collect signatures with a stronger proof of identity than a simple canvas drawing. Common use cases:
- Legal agreements — NDAs, service contracts, terms of service
- Regulated industries — healthcare consent forms, financial disclosures
- High-value transactions — supplier agreements, client proposals
- Audit-ready processes — wherever you need to demonstrate who signed, when, and from where
FES satisfies the requirements for a "simple electronic signature" (SES) under eIDAS (EU) and ESIGN (US), with additional identity evidence from the OTP verification. For qualified electronic signatures (QES) with the highest legal standing, contact meetergo support about enterprise options.
FAQ
What is the difference between a regular e-signature and FES?
A regular e-signature (the Signature field type or a signature on a PDF Template without OTP) captures a drawn signature and stores it as an image. It proves that someone signed, but does not verify who. FES adds email OTP verification and an integrity-protected audit trail, providing verifiable proof of identity and document authenticity.
Can the audit trail be exported?
The audit trail is visible in the submission details view. For bulk export, use the meetergo API or contact support.
What happens if the signer enters the wrong OTP code?
They can try again or request a new code. The form cannot be submitted until the OTP is verified and the PDF is accepted.
Does FES add delay to the signing process?
Typically just the time it takes to receive and enter the OTP code — usually under a minute. Ensure the signer has access to the email address they enter in the form.
Is the signed PDF stored securely?
Yes. Signed PDFs are stored in meetergo's encrypted cloud storage. The SHA-256 hash ensures any future tampering can be detected.
Related Articles
Was this article helpful?
Let us know if this article answered your questions.