Design and Implementation of a Secure Document Verification System Using QR Codes and Digital Signatures
1. Name of Student & Supervisor
Student Name: Adnan Iliyasu
Registration Number: FCP/CSC/22/1043
Supervisor Name: Dr. Zahraddeen Karami Lawal
2. Title of Project
Design and Implementation of a Secure Document Verification System Using QR Codes and Digital Signatures
3. Introduction
Digital documents such as certificates, transcripts, identity cards, and official records are frequently used in government agencies, educational institutions, and business organizations. They make it easier to store, organize, and distribute information. As more enterprises shift from paper-based procedures to digital platforms, the requirement for secure document management has become increasingly crucial.
Despite the benefits of digital documents, authenticating their validity remains a serious difficulty. Many firms still rely on manual verification procedures or direct connection with the issuing authorities. These procedures are frequently slow, time-consuming, and not suited when quick verification is required. In addition, digital documents can be copied, edited, or faked, making it impossible to identify whether a document is authentic.
To address this problem, this project proposes the design and implementation of a secure web-based document verification system that uses QR codes and digital signatures. The system will use SHA-256 hashing and RSA cryptography to assist in verifying document integrity and authenticity. A QR code will be generated and attached to each document, allowing users to validate the document instantly by scanning the code. This will provide a secure and quick means of document verification without depending on manual confirmation from the issuing organization.
4. Aim and Objectives
Aim
The main aim of this project is to design and implement a secure system for signing and verifying digital documents using QR codes and digital signatures.
Objectives
-
To design and develop a secure web-based platform for document signing and verification.
-
To implement QR code generation, SHA-256 hashing, and RSA digital signatures for document authentication and integrity verification.
-
To evaluate the effectiveness, security, and reliability of the proposed document verification system.
5. Background / Literature Review
Information security is a field of computer science that focuses on securing information and computer systems from unwanted access, alteration, disclosure, or destruction. As organizations continue to depend on digital documents for communication and record keeping, protecting document authenticity and integrity has become increasingly important (Stallings,2017). One of the essential principles in information security is the CIA triad, which comprises Confidentiality, Integrity, and Availability. In document verification systems, integrity and authenticity are extremely crucial since they assist in ensuring that documents have not been altered and that they come from legitimate sources (Stallings, 2017). To ensure that documents have not been altered and that they come from legitimate sources, businesses and organizations, private or public, commonly use cryptographic techniques such as digital signatures and public-key cryptography. Digital signatures assist in verifying document authenticity and integrity, while QR codes provide a straightforward way of connecting physical documents to digital verification systems.
5.1 Related Works / Technologies / Techniques
Digital Signatures
Digital signatures are cryptographic techniques used to verify the validity and integrity of electronic documents. They are based on public-key cryptography, where a private key is used to sign data, and a public key is used to verify the signature. Common digital signature methods include RSA and ECDSA (Menezes, van Oorschot, and Vanstone, 1996).
Digital signatures provide the following:
-
Authentication of the document issuer.
-
Integrity of document content.
-
Non-repudiation of issued documents (Katz and Lindell, 2020).
QR Codes in Document Verification
QR codes are two-dimensional barcodes that can store information such as document identification or verification links. In document verification systems, QR codes allow quick access to verification services and support real-time authentication (ISO/IEC 18004, 2015). In most secure systems, QR codes do not keep the whole content. Instead, they contain information that ties the document to a verification service.
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a framework used to handle cryptographic keys and digital certificates. It allows the secure distribution of public keys and helps develop confidence between users and systems (Menezes, van Oorschot, and Vanstone, 1996). PKI is commonly used in digital identification systems, secure communication platforms, and document verification systems.
5.2 Case Studies / Similar Systems
NIMC Digital Identity System
The National Identification Management Commission (NIMC) uses QR-code-enabled identification credentials and digital identity services to assist safe identity verification. These technologies let authorized parties validate identification information while reducing dependence on physical papers (National Identification Management Commission, 2026).
Corporate Affairs Commission (CAC)
The Corporate Affairs Commission issues digital business registration paperwork that can be authenticated through QR-code-based verification systems. This helps increase the authenticity and accessibility of business records (Business Affairs Commission, 2026).
WAEC Digital Certificate Platform
WAEC provides a digital certificate infrastructure that allows candidates and institutions to access and verify examination certificates electronically. The software helps prevent certificate fraud and makes the verification procedure easier (WAEC, 2026).
Identified Gap
Although organizations such as NIMC, CAC, and WAEC have embraced digital verification systems, most of these solutions are tailored for specific institutions and cannot simply be used by other organizations. In addition, some present systems depend on centralized verification processes or closed platforms that may not provide independent real-time verification. This establishes dependence on the issuing organization anytime document validation is necessary. Therefore, there is a need for a safe and versatile document verification system that can be used by different businesses. Such a system should provide independent verification through digital signatures, hashing algorithms, and QR-code-based access.
6. Methodology / Research Methodology
This project will employ Agile Software Development Methodology since it supports incremental development and continuous testing. The methodology allows enhancements to be made during the development process.
Requirement Gathering and Analysis
Requirements will be gathered by researching existing document verification systems, academic papers, and online resources relevant to digital signatures, QR codes, and secure document management. The functional and non-functional requirements of the system will then be determined and documented.
System Design
The proposed system will be designed using appropriate modeling approaches. Diagrams such as Use Case Diagrams, Entity Relationship Diagrams (ERD), and System Architecture Diagrams will be used to describe system components, database structures, and user interactions.
System Development
The system will be constructed as a web application utilizing the PERN stack, which comprises PostgreSQL, Express.js, React.js, and Node.js. Organizations will be able to upload PDF documents, generate digital signatures, and attach QR codes for verification. Each company will have its own RSA public and private key pair for signing and verifying documents. The system will have a modular architecture to facilitate future growth. This strategy can allow enterprises to deploy and operate their own instances of the system while preserving control over their documents, databases, and cryptographic keys.
Testing
The system will undergo both functional and security testing to guarantee that all modules work as planned. Testing will focus on document verification, tamper detection, QR code functionality, and overall system reliability.
Evaluation
The system will be evaluated based on its capacity to deliver safe, accurate, and real-time document verification while retaining document authenticity and integrity.
7. Outcome / Deliverables
The expected outcomes of this project include:
-
A secure web-based document verification system.
-
A document upload and management module for PDF documents.
-
An authentication and authorization system using better-auth.
-
A digital signature generation and verification module based on RSA cryptography.
-
A QR code generation and embedding module for document verification.
-
A public verification interface for real-time document validation.
-
A PostgreSQL database for storing documents and verification records.
-
A tamper detection mechanism based on hashing and digital signature verification.
8. Tools and Techniques
| ### Software Tools | ### Techniques |
| React.js | Public-Key Cryptography |
| Node.js | Digital Signatures |
| Express.js | QR Code-Based Verification |
| PostgreSQL | SHA-256 Hashing |
| better-auth | RESTful API Development |
| QR Code Generation Library | - |
| Node.js Crypto Module | - |
| Git and GitHub | - |
9. Proposed Timeline
| Activities | Week 1 | Week 2 | Week 3 | Week 4 | Week 5 | Week 6 | Week 7 | Week 8 |
| Requirement Analysis | ||||||||
| System Design | ||||||||
| Database Design | ||||||||
| Backend Development | ||||||||
| Frontend Development | ||||||||
| Digital Signature Implementation | ||||||||
| QR-Code Integration | ||||||||
| System Testing | ||||||||
| Documentation |
References
ISO/IEC (2015) ISO/IEC 18004: QR Code Bar Code Symbology Specification. International Organization for Standardization.
Katz, J. and Lindell, Y. (2020) Introduction to Modern Cryptography. 3rd edn. CRC Press.
Menezes, A.J., van Oorschot, P.C. and Vanstone, S.A. (1996) Handbook of Applied Cryptography. CRC Press.
Stallings, W. (2017) Cryptography and Network Security: Principles and Practice. 7th edn. Pearson.
National Identity Management Commission (2026) Mobile Digital Identity and Verification Services. Available at: https://nimc.gov.ng/mobile-digital-id/ (Accessed: 2 June 2026).
Corporate Affairs Commission (2026) Integrated Corporate Registration Portal (iCRP). Available at: https://icrp.cac.gov.ng/ (Accessed: 2 June 2026).
West African Examinations Council (2026) WAEC Digital Certificate Platform. Available at: https://www.waec.org/ (Accessed: 3 June 2026).