How to bulk-seal a batch of documents and prove the whole set is unchanged
Sealing one file at a time works fine for a single contract. It breaks down when you're closing a deal with a dozen signed documents, or archiving forty exported reports at month-end. Here's how to seal a whole batch at once and prove the set, not just each file, is unchanged.
Sealing one file at a time works fine for a single contract. It breaks down the moment there is more than one document to account for: a deal closing with a signed master agreement, three schedules and two side letters; a compliance export of forty reports at month-end; a folder of evidence gathered for a dispute. Sealing each file individually still proves each one is unchanged — but it says nothing about whether the set is complete. Did all twelve closing documents actually get sealed, or only nine? Was a file quietly added or dropped after the fact? Bulk sealing answers that by sealing the whole batch in one action and issuing one signed manifest that covers the group as a whole, on top of the individual certificate each file already gets.
This guide covers what a manifest actually proves, how to create one, and where it's the right tool instead of sealing files one by one.
What a manifest adds on top of individual certificates
Every file in a batch still gets exactly the same certificate a single seal would produce — a SHA-256 hash, a UTC timestamp and an Ed25519 signature, independently shareable and verifiable at its own public certificate page. The manifest is a second, separate proof layered on top: it lists every file in the batch and carries a combined hash, computed from every member file's hash, then signed with the same service key. Change one byte in any one of the files, and both that file's own certificate and the manifest's combined hash stop matching — the tamper shows up at both the individual and the batch level.
One detail matters in practice: the combined hash is computed from the member hashes sorted, not in upload order. That means re-sealing the exact same set of files in a different order — or checking a manifest built by someone who uploaded them in a different sequence — still produces the identical combined hash. The manifest proves the set is unchanged, independent of how it was assembled.
Sealing a batch, step by step
- Open Bulk seal. Choose or drag in every file for this batch — up to twenty at once, 25 MB each, the same limits as a single seal.
- Seal. XSeal hashes and signs a certificate for each file, then builds and signs the manifest, all in one action. No account is required; a signed-in account keeps the batch in your dashboard alongside individually-sealed files.
- Keep the Manifest ID. It resolves to a public, no-login page listing every file with a link to its own certificate. Share that one link instead of twelve separate certificate links.
- Download the manifest JSON if you want an offline record: it carries the full file list, the combined hash, and the signature, so a third party can verify it independently of the website using the published public key.
What to bulk-seal
A few real situations where the batch, not just each file, is what needs proving:
- Deal and contract closings — the executed master agreement plus every schedule, exhibit and side letter, sealed together the moment the closing set is final, so nobody can later claim a schedule was swapped after signing.
- Compliance and audit exports — a month-end batch of reports or filings, sealed as one set so an auditor can confirm the whole export is exactly what was produced, not a curated subset.
- Evidence collections — screenshots, correspondence, and supporting files gathered for a dispute. If a record began as something on the web — a listing, a price page, a set of terms — capture it first with a tool such as Screencap.site, then bulk-seal the captures alongside the rest of the evidence so the whole collection is anchored together.
- Deliverable sets — a design handoff or a data release made up of several files that only make sense together, sealed as the release, not as loose parts.
Verifying a batch later
Open the manifest's public page any time. XSeal re-checks the Ed25519 signature and recomputes the combined hash from the listed files' own hashes on every visit — a live check, not a stored claim. Follow any file's link through to its own certificate to verify that specific document the same way you'd verify a single seal: upload your copy and confirm it matches. This is the same two-layer pattern the tamper-evident audit trail guide describes for a sequence of versions, applied instead to a set sealed at the same moment.
Where a manifest stops
A manifest proves the batch's integrity and time: that this exact set of files existed, unchanged, at the moment it was sealed. Like a single seal, it doesn't establish who authored the content and isn't a qualified electronic signature under eIDAS. If you need identity bound to a signing act, pair it with an e-signature step and seal the executed set afterward. And a manifest doesn't retroactively cover files sealed separately, earlier or later — it only vouches for the files sealed together, in that one action. For the underlying cryptography in more depth, see how to prove a document hasn't been altered.
Try it now
Bulk seal a real batch — even two or three files is enough to see the manifest and the individual certificates side by side. It needs no account and takes about the same few seconds a single seal does, however many files are in the set.