Vidima invoice verification: ECDSA P-256 cryptographic seal
Every PDF invoice signed, every customer protected from 'business email compromise' fraud. How Vidima's exclusive cryptographic seal works, and what it actually guarantees.
The problem: how do you know if an invoice is authentic?
Picture this scenario, common across Switzerland: you receive a PDF by email with an invoice for CHF 4,870. The header says "Studio X", the IBAN is a Swiss bank, the QR-Bill looks correct. You pay.
Two weeks later, Studio X calls you saying the invoice isn't theirs. Someone intercepted the real email, modified the IBAN, replacing it with their own ("man-in-the-middle" fraud), and sent you back the same-looking PDF. Your CHF 4,870 has gone to a scammer in Lithuania.
This is not a hypothetical scenario. It's a scheme known as "business email compromise" (BEC), responsible for hundreds of millions of CHF stolen in Switzerland every year according to Fedpol and MELANI. Banks, however sophisticated, can't stop it: the IBAN on the QR-Bill is technically valid, it just isn't the real supplier's.
The underlying problem: a PDF is just bits. Anyone can modify it without leaving a visible trace.
The Vidima solution: per-invoice cryptographic seal
Vidima solves the problem with cryptography. Every PDF invoice generated is digitally signed with a standard cryptographic algorithm (ECDSA P-256), and the signature result is embedded in a second QR code printed in the footer of the invoice — next to the QR-Bill payment code.
Your customer can:
- Open the phone camera app (or a generic QR app).
- Point it at the second QR.
- Land automatically on verify.vidima.ch.
- See in plain text: who issued the invoice, exactly when, the amount, and whether that PDF is 100% authentic.
If even a single byte of the PDF has been modified after issuance — a changed IBAN, an inflated amount, an altered date — verification fails. The system says "INVALID" and the user knows not to pay.
No other Swiss invoicing software, as of 2026, offers per-invoice cryptographic verification. It's a feature built by Helvecraft as a direct response to the BEC problem affecting small businesses across Switzerland.
ECDSA P-256 explained in 2 minutes
ECDSA stands for "Elliptic Curve Digital Signature Algorithm". P-256 is the specific curve (defined in NIST SP 800-186 / FIPS 186-5). Together they constitute a digital signature standard used by TLS, Bitcoin, Apple Wallet, Swiss electronic passports.
The basic idea, without the maths:
- You have two keys: a private one (which you keep secret) and a public one (which anyone can see).
- Only the private key can sign.
- Anyone, using the public key, can verify that the signature is valid and that it matches exactly the signed content.
- Modifying even a single bit of the content instantly invalidates the signature. To produce a valid signature, you'd need the private key, which never leaves the computer of whoever issues the invoice.
P-256 produces 64-byte signatures (512 bits), compact enough to fit in a medium-sized QR code together with the invoice metadata.
Anatomy of the seal (FAT2 format)
The Vidima seal uses a custom format called FAT2 (Fattura Authenticated Token v2). What's embedded in the QR is a string that, decoded, contains:
- Header identifier "FAT2".
- Compressed JSON payload (deflate-raw) containing:
  - `iss`: issuer identity (creditor / studio).
  - `sub`: subject, the invoice number.
  - `amt`: amount + currency.
  - `iat`: issued at, an ISO 8601 UTC timestamp.
  - `hash`: SHA-256 of the PDF content (excluding the seal area itself, to avoid loops).
  - `jwk`: public key in JSON Web Key format (curve "P-256", x, y).
- Signature — ECDSA P-256 signature of the payload, calculated with the private key.
The whole token is then base64url-encoded (URL-safe) and inserted into the QR. Typical size is 300-400 bytes — it fits comfortably in a version 8-10 QR at error correction level M.
How to verify (step by step)
Two ways:
Method 1: scan via mobile
- Open the phone camera app.
- Point it at the seal QR code (NOT the QR-Bill payment code — the seal is the smaller one, in the footer of the invoice).
- Tap the link that appears: it leads to https://verify.vidima.ch/?token=....
- The browser opens the official verifier, decodes the token, verifies the signature with the included public key, and shows:
- Result (VALID / INVALID).
- Issuer (studio/business that signed).
- Invoice number, amount, currency.
- Issuance timestamp.
Method 2: manual paste
If you can't scan (e.g. PDF open on a computer with no camera), go to verify.vidima.ch, copy-paste the token string from the QR (any desktop QR reader can decode it), click "Verify". Same result.
Exactly what the seal confirms
A successful verification confirms 4 mathematically certain facts:
- Issuer identity. The invoice was signed by the private key associated with that specific studio/business's certificate. No one else in the world can have signed in their name.
- Timestamp. The invoice was issued at the time declared in the `iat` field. (Note: the timestamp is declared by the signer; for a legally binding timestamp, a qualified seal is required — see below.)
- Declared amount. The amount in the seal matches the one visible on the invoice. If anyone tampered with the visible amount, the two numbers won't match and it will be immediately apparent.
- PDF integrity. The PDF has not been modified after issuance (verified via the SHA-256 hash). Change a single character, a single pixel, and the hash changes, and the signature becomes invalid.
What the seal does NOT confirm
Transparency: the Vidima seal is not a silver bullet. Here's what it doesn't do:
- It is not a qualified electronic signature (QES) under the SCSE (Swiss Federal Act on Electronic Signatures). A QES requires a certificate issued by a recognised Trust Service Provider (SwissSign, QuoVadis). For documents that require a QES by law (e.g. contracts requiring qualified written form), use a dedicated QES solution.
- It does not guarantee payment. It confirms who issued the invoice, but not that the supplier has delivered the goods or performed the service.
- It does not replace the 10-year legal archiving required by the Code of Obligations (Art. 957a CO). Vidima generates archivable PDFs, but the retention process (on non-rewritable media or a certified cloud archive) remains your responsibility.
- It has no key revocation mechanism. If the private key of whoever issued the invoice gets compromised (e.g. stolen laptop), all invoices signed before the compromise remain valid; those signed after with the stolen key will appear valid but are fraudulent. For sensitive cases, always contact the signer through a separate channel (phone) before paying large amounts.
Comparison with other systems
| System | What it does | Legal value | Cost |
|---|---|---|---|
| Vidima seal (ECDSA P-256) | Verifies integrity + issuer identity for every invoice | Strong evidentiary indication, not QES | Included in CHF 149 |
| Qualified electronic signature (QES) | Equivalent to a handwritten signature | Full (qualified written form) | CHF 50-200/year for certificate + cost per signature |
| Italian e-invoice (XML SdI) | Mandatory transmission via Sistema di Interscambio | IT tax recognition | Variable (included in many software packages) |
| PEC with PDF attachment | Certified mail, proof of delivery | Proof of transmission, not of content integrity | ~CHF 30-60/year |
| SHA-256 hash published on blockchain | Public immutable timestamp | Proof of existence, not of identity | ~CHF 5-50 per transaction |
The Vidima seal positions itself as "a good defence against everyday fraud, free and immediate". For documents requiring maximum legal rigour, the QES remains the standard.
Privacy: your data stays on your computer
A natural concern about "online verification" systems is: what data is transmitted?
Short answer: only the seal. Nothing private.
In detail:
- The private signing key is generated on your computer the first time you install Vidima and never leaves it. It is stored on your local disk; if you enable session lock with PIN (opt-in), the key is encrypted with AES-GCM while the app is locked.
- When you issue an invoice, the signature is computed locally. Vidima does not talk to any external server to sign.
- The seal in the QR contains only: issuer identity (studio name), invoice number, amount, timestamp, hash, public key. No customer data (no customer name, no IBAN, no line-item content).
- When someone verifies the seal on verify.vidima.ch, the verifier receives only the token. It does not receive the PDF, and it does not receive data about whoever is verifying. It verifies the signature and shows the result.
- Vidima does not log verifications, does not profile who looks them up, does not sell data. See our privacy policy.
Link to the official verifier
To test verification with a real Vidima invoice, go to:
The verifier is free, anonymous, and works for anyone — whether you're a Vidima customer or simply received an invoice from a studio that uses Vidima and want to check before paying.
To issue invoices with a seal, you need Vidima. See the QR-Bill guide for how it integrates with the standard Swiss payment, and the VAT guide for tax management.
Authentic, verified invoices, out of scammers' reach.
Vidima signs every invoice with ECDSA P-256. Your customers pay with confidence, you issue with peace of mind.