Summary
Optional GPG or key-based cryptographic signing for CLAs that require stronger legal provenance than "clicked agree."
Motivation
Some legal teams require cryptographic proof of signing for compliance or audit purposes. This is especially relevant for corporate CLAs in regulated industries.
Implementation notes
- Optional per-agreement setting (most projects won't need this)
- Option 1: GPG-sign a hash of the CLA text + timestamp + user identity
- Option 2: Use Web Crypto API for browser-based key generation and signing
- Store the signature blob alongside the
Signature record
- Verification endpoint to validate a signature's authenticity
- PDF export includes cryptographic proof
Phase
Phase 8: Polish & Expansion (v3.0 roadmap)
Summary
Optional GPG or key-based cryptographic signing for CLAs that require stronger legal provenance than "clicked agree."
Motivation
Some legal teams require cryptographic proof of signing for compliance or audit purposes. This is especially relevant for corporate CLAs in regulated industries.
Implementation notes
SignaturerecordPhase
Phase 8: Polish & Expansion (v3.0 roadmap)