/
SHA-1 Hash on Approved Test Reports

SHA-1 Hash on Approved Test Reports

Applies to QESTLab, QESTField

Making use of the SHA-1 hash functionality can be useful for confirming suspicions if you believe that issued signed reports have been altered by a third party.

Contents

Overview

The introduction of SHA-1 hash checking functionality to the QEST Platform represents a mid point on the security spectrum between the default Adobe PDF security flag and the more comprehensive and expensive model used to handle digital identity and sealing provided by Notarius within Construction Hive. Essentially the SHA-1 algorithm can be run on a given file to produce a string of characters - the hash. If the resultant hash differs from the original hash within the QEST Platform, the report has been altered in some manner and should not be considered trustworthy.

QESTLab Report Page

For any signed report within QESTLab a hash will appear at the bottom of the frame and can be Copied to Clipboard for use within third party applications which can compare two hashes.

QESTField Daily Summary Field Report

The hash for a signed Daily Summary Field Report is visible on after signing within QESTField on the summary page.

 

QESTField Forms

The hash for a signed report will appear within QESTField Forms by clicking on the ‘More Information’ menu.

Construction Hive

The hash for a signed report will appear within Construction Hive for signed reports sent from QESTLab. If that report is digitally sealed within Construction Hive, the hash will no longer be visible as the digital sealing is a more secure standard and the process of sealing the document alters the file and will thus alter the hash generated from that file.

Computing a Hash

To compute the hash for a report which you have reason to suspect has been tampered with, you have the following options:

PowerShell

Open a PowerShell prompt and using command line prompts navigate to the folder containing the saved signed report. Using the syntax example below, run the Get-FileHash command and it will compute the hash for a given file which you can compare against the reference hash supplied in QESTLab or email summary. The example below shows the command to be run assuming you are located in the directory where the file is saved.

get-filehash 'filename.pdf' -Algorithm SHA1

 

Mobile Applications

There are multiple applications available for Android devices from the Google Play Store, that can be used to compute and compare hashes for files downloaded to a mobile device. Typical functionality will generate the hash from a signed report and can be used to compare this against the hash supplied via email or through the QEST Platform. Alternatives with similar functionality exist on the Apple App store for those customers using iOS devices.

 

 

 

Related content

Integrity | Curiosity | Empathy | Unity

The content of this page is confidential and for internal Spectra QEST use only. Do not share, duplicate or distribute without permission.