
1. Executive Summary
Casa Hacker is a Brazilian non-profit civil-society organisation dedicated to STEAM education and social innovation. As part of its institutional capacity-building programme, Casa Hacker deployed a self-hosted instance of Documenso Community Edition as its electronic document-signing and digitisation platform.
This case study is offered to the Documenso community as a practical reference for organisations seeking to build legally compliant document-signing infrastructure using open-source technology.
Key finding: When configured with an ICP-Brasil A1 certificate, RFC 3161 timestamps, and an appropriate pre-processing workflow, Documenso CE delivers qualified electronic signatures — the highest legal tier under Brazilian law — at a fraction of the cost of proprietary alternatives.
2. About Casa Hacker
Casa Hacker is a non-profit association headquartered in São Paulo, Brazil. Its mission is to make STEAM education and social innovation accessible to everyone. The organisation operates several public-interest digital services, including a Moodle-based learning platform (Mão na Massa), an anonymous whistleblowing channel (Abre o Jogo, powered by GlobaLeaks), and survey infrastructure used by civil-society partners throughout Brazil.
Casa Hacker’s infrastructure philosophy rests on self-sovereignty: wherever viable, services are self-hosted on Brazilian soil using open-source software. This approach reduces dependency on proprietary SaaS providers, lowers operating costs, and ensures full control over sensitive data — a critical requirement when handling documents related to public-interest work.
3. The Challenge
Civil-society organisations in Brazil face a specific tension. On the one hand, they are legally required to maintain documentation with a high degree of authenticity — contracts with funders, employment agreements, declarations to public bodies. On the other hand, they typically operate with severely constrained budgets. Commercial electronic-signature platforms often charge per-document or per-user fees that become prohibitive at scale.
Beyond cost, organisations working in the public interest must be able to demonstrate, at any future point, that a document was signed by specific parties at a specific moment in time. This requirement maps directly to the legal concept of qualified electronic signatures under Brazilian law.
Casa Hacker evaluated several platforms before selecting Documenso CE. The decisive factors were the combination of open-source transparency, self-hosting capability, and — critically — native support for external signing certificates, which allowed the organisation to integrate its own ICP-Brasil A1 certificate directly into the signing pipeline.
4. Brazilian Legal Framework for Electronic Signatures and Document Digitisation
4.1 The Three-Tier Classification
Brazilian law recognises three tiers of electronic signature, each carrying a different evidentiary weight. The framework is established principally by Lei 14.063/2020.
| Tier | Legal Basis | Technology Required | Evidentiary Weight |
|---|---|---|---|
| Simple (Simples) | Lei 14.063/2020, Art. 4º, I | Any data that identifies the signer | Lowest — mere identification |
| Advanced (Avançada) | Lei 14.063/2020, Art. 4º, II | Non-ICP certificate or agreed method; uniquely linked to signer; tamper-evident | Moderate — equivalent to a signature recognised by similarity (firma reconhecida por semelhança) |
| Qualified (Qualificada) | MP 2.200-2/2001, Art. 10 §1; Lei 14.063/2020, Art. 4º, III | ICP-Brasil certificate issued by an accredited CA | Highest — presumption of authenticity; equivalent to a notarised signature |
4.2 Key Legislation
Medida Provisória 2.200-2/2001
This foundational instrument created the ICP-Brasil (Infraestrutura de Chaves Públicas Brasileira), the national public-key infrastructure. Article 10, §1 establishes that documents signed with ICP-Brasil certificates carry a legal presumption of authenticity equivalent to that of handwritten signatures under Article 219 of the Civil Code. The MP remains in force by constitutional provision and has never been superseded.
Lei 12.682/2012 — Document Digitisation
Article 1 regulates the digitisation, electronic storage, and reproduction of public and private documents. The law defines digitisation as the faithful conversion of a physical document to digital form. Documents digitised under this law may replace the original paper for all legal purposes, provided the authenticity and integrity requirements are satisfied.
Lei 13.874/2019 — Economic Freedom Act
This law updated Lei 12.682/2012 to reinforce the legal validity of digitised documents and extended validity to private-sector digitisation workflows, reducing bureaucratic requirements for companies and organisations.
Decreto 10.278/2020 — Technical Standards for Digitisation
This decree operationalises Lei 12.682/2012 by defining the specific technical standards that a digitisation process must satisfy for the resulting document to carry the same probative value as the physical original. Key requirements include: minimum 300 DPI resolution, PDF/A-2B format, mandatory metadata fields, and a qualified electronic signature (ICP-Brasil) certifying the author of the digitisation and the document’s integrity.
For documents involving only private parties, Article 6 allows any agreed method of proof. In the absence of a prior agreement, the ICP-Brasil standard applies by default.
STJ — REsp 2.159.442 (December 2024)
The Superior Court of Justice (STJ), Brazil’s highest court for non-constitutional matters, unanimously held that advanced electronic signatures carry valid legal force even when the certifying entity is not ICP-Brasil-accredited. Justice Nancy Andrighi wrote that the advanced signature is equivalent to a signature recognised by similarity (firma por semelhança), whilst the qualified signature is equivalent to a signature recognised by authenticity (firma por autenticidade). Both are legally valid; the difference lies in the standard of proof required to challenge them.
Practical implication: Documents signed through Documenso CE with a valid ICP-Brasil A1 certificate receive the highest legal protection available under Brazilian law. Documents signed without ICP-Brasil but with adequate identity verification remain legally valid, though they may require additional evidence if challenged.
5. Documenso Community Edition
Documenso is an open-source, self-hosted electronic document-signing platform positioned as a transparency-first alternative to DocuSign and similar proprietary services. The Community Edition is free and available at github.com/documenso/documenso under the AGPL-3.0 licence.
Key capabilities relevant to Brazilian legal compliance:
- External signing certificates: Native support for PKCS#12 (.p12) certificates, enabling direct use of ICP-Brasil credentials
- RFC 3161 timestamps: Integration with timestamp authorities, so each signature carries a third-party attestation that it existed at a given moment, independent of the signer's or the server's clock; this is the first building block of Long-Term Validation (LTV)
- Audit trail: Every action on every document is recorded with a timestamp and preserved with the document. The log lives in the application database, so it is tamper-evident only to the extent that access to that database and to its backups is controlled
- PDF-based workflow: Documents are standard PDFs whose embedded signatures can be checked by any signature-aware PDF reader or by the Brazilian ITI/VALIDAR portal
- Self-hosted architecture: Primary data stays on the organisation's own infrastructure; only encrypted backups are replicated off-site (see Section 10.1)
- Multi-recipient signing: Configurable signing order with support for sequential and parallel workflows
- Access control: Public registration can be disabled for restricted, organisation-only deployment
6. Casa Hacker’s Deployment Configuration
6.1 Infrastructure Overview
Casa Hacker operates Documenso CE on a self-hosted Linux server located in São Paulo, Brazil. The entire stack runs in Docker containers with Traefik as a TLS-terminating reverse proxy. TLS certificates are obtained automatically from Let's Encrypt.
The deployment uses a dedicated PostgreSQL database and connects to an external SMTP relay for notification emails. User registration is disabled (NEXT_PUBLIC_DISABLE_SIGNUP=true), restricting access to authorised organisational users.
| Component | Technology | Notes |
|---|---|---|
| Application | Documenso CE (latest) | Self-hosted; public registration disabled |
| Database | PostgreSQL 15 | Dedicated container; data on host volume |
| Reverse proxy | Traefik v2.11 | Automatic TLS via Let’s Encrypt; CrowdSec WAF integration |
| Operating system | Ubuntu 24.04 LTS | Brazilian data centre; data sovereignty maintained |
| Email relay | External SMTP | Transactional emails; sender domain authenticated |
| Signing certificate | ICP-Brasil A1 (e-CNPJ) | Issued by AC VALID BRASIL v5; organisational identity |
| Timestamp authority | DigiCert + Sectigo | RFC 3161; dual-TSA redundancy for LTV |
| PDF tool | Stirling PDF (Ultra-Lite) | Pre-processing: PDF/A conversion before upload |
| Backup | Azure Blob Storage | Three geographic regions; nightly encrypted backup |
| Intrusion prevention | CrowdSec v1.7.6 | Community blocklist + Traefik + iptables layers |
6.2 ICP-Brasil Certificate Configuration
The signing certificate is a Brazilian ICP-Brasil A1 organisational certificate (e-CNPJ type) issued by AC VALID BRASIL v5, a certification authority accredited under the ICP-Brasil chain. The certificate holder is the organisation itself rather than a specific individual, making it appropriate for institutional document signing.
The certificate is stored as a PKCS#12 (.p12) file mounted read-only into the Documenso container. The signing passphrase is provided via an environment variable and is never stored in plain text in any version-controlled configuration file. Two points deserve attention. Container environment variables are readable by anyone who can run docker inspect or read the process environment on the host, so access to the Docker socket must be treated as access to the signing key. And the .p12 file itself should be owned by the service user with mode 0400: an A1 certificate is a software key, and a copied file can sign documents elsewhere without leaving any trace on this server.
Relevant environment configuration parameters:
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH: path to the .p12 file inside the container
- NEXT_PRIVATE_SIGNING_PASSPHRASE: certificate passphrase (managed via secrets)
- NEXT_PRIVATE_SIGNING_TIMESTAMP_URLS: dual TSA endpoints (DigiCert and Sectigo)
Operational note: The certificate validity period is tracked in the organisation’s operational calendar. Renewal must be initiated at least 30 days before expiration to avoid interrupting signing capability.
6.3 RFC 3161 Timestamp Integration
Two RFC 3161 Timestamp Authority endpoints are configured: one operated by DigiCert and one by Sectigo. This dual-TSA arrangement provides redundancy — if one authority is temporarily unavailable at the moment of signing, the other is used automatically.
The timestamp token binds the hash of the signature to a time asserted by a trusted third-party clock. This is the foundation of Long-Term Validation (LTV): after the signing certificate expires, a validator can still establish that the signature was created while the certificate was valid. Two caveats apply. The proof is only as durable as the timestamp token itself, so archival-grade validity requires embedding the certificate chain and revocation data (OCSP or CRL) at signing time and re-timestamping before the TSA certificate or its algorithms age out, which is what the PAdES LTA profile specifies. And the TSA is a trust anchor: the token proves only what its issuer attests, which is why the TSAs chosen here are publicly trusted ones.
This configuration resolves the “Indeterminada” status that untimestamped documents display in the ITI/VALIDAR portal. Signed documents produced by this setup are reported as valid (“Válida”) in ITI/VALIDAR, the official Brazilian government validation tool.
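The exchange behind the dual-TSA arrangement, as an added worked example that is not Documenso's code: it builds the RFC 3161 TimeStampReq that is sent to a TSA (only the SHA-256 digest of the data leaves the server, never the document), decodes it back for inspection, and implements the failover order the section describes, moving to the second TSA when the first is unreachable or returns a non-granted PKIStatus. The TSA URLs are placeholders (an assumption; the deployment's real endpoints are whatever NEXT_PRIVATE_SIGNING_TIMESTAMP_URLS holds), and the DER encoder covers only the fields a TimeStampReq needs.

```python
"""RFC 3161 TimeStampReq construction and dual-TSA failover (added example, not Documenso code)."""
import hashlib
import os
import urllib.request

SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1
TSA_URLS = ["https://tsa-primary.example/", "https://tsa-secondary.example/"]  # assumption: placeholders


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, else 0x80|byte-count followed by big-endian length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_uint(value: int) -> bytes:
    """DER INTEGER for a non-negative value; the width formula adds the 0x00 pad when the top bit is set."""
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, position after the element) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def build_timestamp_request(data: bytes, nonce=None, cert_req: bool = True) -> bytes:
    """TimeStampReq (RFC 3161 section 2.4.1) over the SHA-256 digest of data."""
    digest = hashlib.sha256(data).digest()
    algorithm = _tlv(0x30, _tlv(0x06, SHA256_OID) + b"\x05\x00")  # AlgorithmIdentifier {sha256, NULL}
    imprint = _tlv(0x30, algorithm + _tlv(0x04, digest))           # MessageImprint
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")               # ties the reply to this request
    body = _der_uint(1) + imprint + _der_uint(nonce)               # version v1, imprint, nonce
    if cert_req:
        body += b"\x01\x01\xff"                                    # certReq TRUE: ask for the TSA cert (needed for LTV)
    return _tlv(0x30, body)


def parse_timestamp_request(der: bytes) -> dict:
    """Decode a TimeStampReq into its fields, e.g. to confirm what a TSA was actually sent."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, version, pos = _read_tlv(body, 0)
    _, imprint, pos = _read_tlv(body, pos)
    _, algorithm, after_alg = _read_tlv(imprint, 0)
    _, oid, _ = _read_tlv(algorithm, 0)
    _, digest, _ = _read_tlv(imprint, after_alg)
    fields = {"version": int.from_bytes(version, "big"), "hash_oid": oid,
              "digest": digest, "nonce": None, "cert_req": False}
    while pos < len(body):                                         # optional trailing fields
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0x02:
            fields["nonce"] = int.from_bytes(value, "big")
        elif tag == 0x01:
            fields["cert_req"] = value == b"\xff"
    return fields


def _http_post(url: str, tsq: bytes, timeout: float = 10.0) -> bytes:
    req = urllib.request.Request(url, data=tsq, method="POST",
                                 headers={"Content-Type": "application/timestamp-query"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def request_timestamp(tsq: bytes, tsa_urls=TSA_URLS, post=_http_post):
    """Dual-TSA failover: return (url, TimeStampResp DER) from the first TSA that grants the request."""
    failures = []
    for url in tsa_urls:
        try:
            reply = post(url, tsq)
            tag, body, _ = _read_tlv(reply, 0)
            if tag != 0x30:
                raise ValueError("reply is not a DER SEQUENCE")
            _, status_info, _ = _read_tlv(body, 0)                 # PKIStatusInfo is the first element
            _, status, _ = _read_tlv(status_info, 0)
            if int.from_bytes(status, "big") not in (0, 1):        # 0 granted, 1 grantedWithMods
                raise ValueError(f"TSA returned PKIStatus {status.hex()}")
            return url, reply
        except (OSError, ValueError, IndexError) as exc:
            failures.append(f"{url}: {exc}")                       # fall through to the next TSA
    raise RuntimeError("no TSA granted a timestamp: " + "; ".join(failures))


if __name__ == "__main__":
    tsq = build_timestamp_request(b"constructed sample document")
    print(tsq.hex())
    print(parse_timestamp_request(tsq))
```

The reply check stops at PKIStatus deliberately: verifying the returned token (its signature, that its messageImprint and nonce match the request, and that the TSA certificate chains to a trusted root) is CMS work that belongs to the PDF signing library, and a production client must do it before embedding the token.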
7. Operational Use Cases
7.1 Signing Workflow for Natively Digital Documents
For documents created directly in digital form — contracts, agreements, declarations — the workflow proceeds as follows:
| Step | Action |
|---|---|
| 1 | The authorised administrator logs into Documenso at the organisation’s private URL |
| 2 | A PDF document is uploaded and recipients are defined, each assigned signature fields |
| 3 | Signing order is configured (sequential or parallel) as required |
| 4 | Recipients receive a signing link by email; no Documenso account is required to sign |
| 5 | Upon completion, Documenso applies the ICP-Brasil A1 certificate to the final PDF |
| 6 | The RFC 3161 timestamp is embedded, anchoring the signing event in time |
| 7 | All parties receive a final signed PDF; the document is archived in the platform |
The resulting document is a standard PDF with an embedded ICP-Brasil signature, verifiable in Adobe Acrobat Reader, any signature-aware PDF validator, and the Brazilian ITI/VALIDAR portal (iti.gov.br/validar). Note what the qualified signature attests: it is the organisation's e-CNPJ seal over the completed document. Counterparties who sign through the emailed link are identified by control of their mailbox and by the audit trail, so their own signatures fall in the simple or advanced tiers of Section 4.1 unless they sign with an individually held ICP-Brasil certificate (see Section 7.3).
7.2 Digitisation Workflow for Physical Documents
For physical documents that must be preserved in digital form with full legal equivalence to the original — minutes, signed agreements, certificates — the following workflow satisfies the requirements of Decreto 10.278/2020:
| Step | Action | Tool | Legal Requirement Met |
|---|---|---|---|
| 1 | Scan document at minimum 300 DPI | Scanner | Decreto 10.278/2020, Annex I: minimum resolution |
| 2 | Convert output to PDF/A-2B format | Stirling PDF (self-hosted) | Decreto 10.278/2020, Annex I: archival format |
| 3 | Embed mandatory metadata (author, date, equipment, document type) | PDF metadata editor or Stirling PDF | Decreto 10.278/2020, Annex II: required metadata fields |
| 4 | Upload to Documenso and apply organisational signature | Documenso CE | Lei 12.682/2012, Art. 3: ICP-Brasil signature on digitisation |
| 5 | RFC 3161 timestamp applied automatically at signing | Documenso CE + TSA | Decreto 10.278/2020: integrity and temporal proof |
| 6 | Document archived in Documenso with audit log | Documenso CE | Lei 12.682/2012, Art. 3, sole paragraph: access protection |
Note: Stirling PDF (Ultra-Lite version, without OCR) handles PDF/A-2B conversion and basic metadata editing without requiring any external service. Both Documenso and Stirling PDF run as self-hosted containers on the same server, keeping the entire workflow within the organisation’s controlled infrastructure.
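Steps 2 and 3 of the digitisation workflow (and the corresponding rows of the compliance table in Section 8.2) are easy to get silently wrong, for example when a converter emits PDF/A-1b instead of 2B or a metadata template is skipped. The following Python pre-upload gate is an added example, not Stirling PDF or Documenso code: it searches a PDF for the XMP packet (which PDF/A requires to be stored uncompressed), checks the pdfaid part/conformance identification, and checks that required XMP properties are present. dc:creator and xmp:CreateDate are standard XMP names; which property names the deployment uses for the remaining Decreto fields is an assumption the operator must align with their own metadata template. It is a cheap sanity check, not a conformance validator (veraPDF does full ISO 19005-2 checking), and it cannot judge scan resolution, which must be enforced at the scanner.

```python
"""Pre-upload PDF/A-2B and metadata gate for scanned documents (added example, not project code)."""
import re

# PDF/A forbids filtering the Metadata stream, so a conforming file has its XMP in the raw bytes.
XMP_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.DOTALL)
PART_RE = re.compile(rb"pdfaid:part(?:=\"|>)\s*(\d)")           # element or attribute form
CONF_RE = re.compile(rb"pdfaid:conformance(?:=\"|>)\s*([ABU])")

# Assumption: the XMP properties this deployment requires before signing.
DEFAULT_REQUIRED = (b"dc:creator", b"xmp:CreateDate")


def preflight_pdfa2b(pdf: bytes, required=DEFAULT_REQUIRED) -> dict:
    """Return {"ok", "part", "conformance", "findings"}; ok is True only when findings is empty."""
    findings = []
    if not pdf.startswith(b"%PDF-1."):
        findings.append("missing %PDF-1.x header")
    if re.search(rb"/Encrypt\s", pdf):                             # trailer /Encrypt n 0 R
        findings.append("/Encrypt present: PDF/A forbids encryption")
    part = conformance = None
    match = XMP_RE.search(pdf)
    if match is None:
        findings.append("no uncompressed XMP packet (Metadata stream absent or filtered)")
    else:
        xmp = match.group(0)
        p, c = PART_RE.search(xmp), CONF_RE.search(xmp)
        part = p.group(1).decode() if p else None
        conformance = c.group(1).decode() if c else None
        if (part, conformance) != ("2", "B"):
            findings.append(f"pdfaid identifies part={part} conformance={conformance}, expected 2/B")
        for name in required:                                      # accept <name> or name="..." forms
            present = (re.search(rb"<" + re.escape(name) + rb"[\s>]", xmp)
                       or re.search(re.escape(name) + rb"=\"", xmp))
            if not present:
                findings.append(f"required metadata field {name.decode()} missing")
    return {"ok": not findings, "part": part, "conformance": conformance, "findings": findings}


def xmp_packet(part: bytes, conformance: bytes, extra: bytes = b"") -> bytes:
    """Constructed XMP packet with a pdfaid identification and optional extra properties."""
    return (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">\n'
            b' <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\n'
            b'  <rdf:Description rdf:about="" xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"\n'
            b'      xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/">\n'
            b'   <pdfaid:part>' + part + b'</pdfaid:part>\n'
            b'   <pdfaid:conformance>' + conformance + b'</pdfaid:conformance>\n' + extra +
            b'  </rdf:Description>\n </rdf:RDF>\n</x:xmpmeta>')


# Constructed sample metadata, as a template tool would write it before signing.
SAMPLE_METADATA = (b'   <dc:creator><rdf:Seq><rdf:li>Example Org (constructed)</rdf:li></rdf:Seq></dc:creator>\n'
                   b'   <xmp:CreateDate>2025-03-01T10:00:00-03:00</xmp:CreateDate>\n')


def make_sample_pdf(packet: bytes, version: bytes = b"1.7") -> bytes:
    """Constructed PDF skeleton carrying a Metadata stream: enough for the check, not a renderable file."""
    head = b"%PDF-" + version + b"\n%\xe2\xe3\xcf\xd3\n"
    catalog = b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>\nendobj\n"
    meta = (b"3 0 obj\n<< /Type /Metadata /Subtype /XML /Length " + str(len(packet)).encode()
            + b" >>\nstream\n" + packet + b"\nendstream\nendobj\n")
    return head + catalog + meta + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    print(preflight_pdfa2b(make_sample_pdf(xmp_packet(b"2", b"B", SAMPLE_METADATA))))
    print(preflight_pdfa2b(make_sample_pdf(xmp_packet(b"1", b"B", SAMPLE_METADATA))))
```

Run it on the Stirling PDF output before the upload in step 4; a non-empty findings list means the file goes back to step 2 or 3 rather than into the signing queue, which is cheaper than discovering the problem after an ICP-Brasil signature has been applied to the wrong file.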
7.3 Scope and Limitations
This configuration is appropriate for:
- Contracts and agreements with private parties and civil-society partners
- HR documentation (employment terms, volunteer agreements)
- Declarations and authorisations
- Organisational governance documents (meeting minutes, board decisions)
- Compliance and due-diligence forms (KYC/KYS, supplier conformance)
- Documents submitted to public entities that accept advanced or qualified signatures
The following use cases fall outside the scope of this configuration and require additional infrastructure or individually held qualified certificates:
- Real-estate transfer and registration — requires individual ICP-Brasil certificates and notarial involvement
- Electronic invoices (NF-e) — governed by SEFAZ’s own infrastructure
- Judicial proceedings — subject to court-specific regulations
8. Legal Compliance Summary
8.1 Signature Compliance
| Legal Requirement | How Met | Status |
|---|---|---|
| Qualified electronic signature (Lei 14.063/2020, Art. 4, III) | ICP-Brasil A1 certificate (AC VALID BRASIL v5) applied by Documenso at signing time | COMPLIANT |
| Presumption of authenticity (MP 2.200-2/2001, Art. 10 §1) | Signature uses ICP-Brasil certificate, triggering the statutory presumption | COMPLIANT |
| Long-Term Validation / timestamp | Dual RFC 3161 TSAs (DigiCert + Sectigo) embedded in every signed PDF | COMPLIANT |
| ITI/VALIDAR compatibility | Validated — signed documents display the status “Válida” in the official portal | COMPLIANT |
| Document immutability post-signature | Any post-signature modification invalidates the embedded signature; detectable by any validator | COMPLIANT |
| Audit trail | Documenso records all document events (upload, view, sign, complete) with timestamps | COMPLIANT |
8.2 Digitisation Compliance
| Legal Requirement | Source | How Met | Status |
|---|---|---|---|
| 300 DPI minimum resolution | Decreto 10.278/2020, Annex I | Enforced at scanning stage before upload | COMPLIANT |
| PDF/A-2B archival format | Decreto 10.278/2020, Annex I | Stirling PDF converts to PDF/A-2B prior to upload | COMPLIANT |
| Mandatory metadata fields | Decreto 10.278/2020, Annex II | Embedded in PDF before signing using metadata tools | COMPLIANT |
| ICP-Brasil signature certifying authorship and integrity | Lei 12.682/2012, Art. 3; Decreto 10.278/2020, Art. 5 | Documenso applies A1 certificate at signing | COMPLIANT |
| Protection from unauthorised access | Lei 12.682/2012, Art. 3, sole paragraph | HTTPS, authentication, CrowdSec WAF, Docker network isolation | COMPLIANT |
| Tamper evidence | Decreto 10.278/2020, Art. 4 | Digital signature cryptographically links document to its hash; any change invalidates the signature | COMPLIANT |
9. Cost Analysis
9.1 Total Cost of Ownership (Annual)
All costs are based on actual pricing as of Q1 2025. USD figures use an indicative exchange rate of R$ 5.75/USD.
Documenso-specific annual TCO (ICP certificate + attributable hosting fraction): approximately R$ 600–R$ 1,000 per year (USD 104–174).
| Component | Cost (BRL/year) | Cost (USD/year) | Notes |
|---|---|---|---|
| VPS hosting (2 vCPU, 4 GB RAM, 67 GB SSD — Brazil) | R$ 1,800–R$ 2,400 | ~USD 313–417 | Shared with all other services; cost partially allocated |
| Documenso CE licence | R$ 0 | USD 0 | AGPL-3.0 open source; unlimited documents and users |
| ICP-Brasil A1 certificate (e-CNPJ, 1 year) | R$ 250–R$ 400 | ~USD 43–70 | Issued by accredited CA; annual renewal required |
| RFC 3161 timestamp (DigiCert + Sectigo) | R$ 0 | USD 0 | Free public TSA services; no per-stamp cost |
| SSL/TLS certificate (Let’s Encrypt) | R$ 0 | USD 0 | Automated via Traefik ACME integration |
| Azure Blob Storage (3 regions, nightly backup) | R$ 0 | USD 0 | Microsoft non-profit donated credits |
| Stirling PDF (PDF/A conversion tool) | R$ 0 | USD 0 | AGPL-3.0 open source; self-hosted |
9.2 Comparison with Commercial Alternatives
The following comparison uses publicly available pricing as of Q1 2025 for equivalent functionality — qualified electronic signatures with ICP-Brasil compliance in Brazil.
| Platform | Model | Est. Annual Cost (BRL) | ICP-Brasil Native | Self-Hosted |
|---|---|---|---|---|
| Documenso CE + ICP-Brasil A1 | Self-hosted OSS | R$ 600–R$ 1,000 | Yes (external cert) | Yes |
| DocuSign (Business Pro) | SaaS — per envelope | R$ 3,600–R$ 7,200+ | No (via partner) | No |
| Certisign Assinaturas | SaaS — per document | R$ 2,400–R$ 6,000+ | Yes (proprietary) | No |
| BirdSign / ZapSign (Advanced) | SaaS — per document | R$ 1,800–R$ 4,800+ | No (advanced only) | No |
| Gov.br Assinatura | Free — personal use only | R$ 0 | Yes (Gov.br level) | No (government SaaS) |
Bottom line: For a civil-society organisation signing 100–500 documents per year, Documenso CE with an ICP-Brasil A1 certificate delivers qualified-level legal protection at roughly two to twelve times lower cost than the commercial SaaS platforms in the table above (R$ 600–1,000 against R$ 1,800–7,200+), whilst keeping the primary data under the organisation's direct control.
10. Security and Operational Considerations
10.1 Infrastructure Security
The Documenso instance is protected by multiple independent security layers:
- Network-level protection: CrowdSec IDS/IPS with community threat intelligence, operating at both the Traefik reverse proxy layer (HTTP) and the host iptables layer (all protocols, including SSH)
- Transport security: TLS 1.2/1.3 enforced at the Traefik layer; automatic certificate renewal via ACME/Let’s Encrypt
- Access control: User registration is disabled; only pre-provisioned accounts can access the administration interface
- Network isolation: Each service stack runs in its own Docker network; Documenso exposes only its designated port to the Traefik network
- Backup: Nightly backups to Azure Blob Storage replicated across three geographic regions (Europe, Americas, Africa). Because these copies leave Brazil, they must be encrypted on the server before upload, with the keys held only by the organisation, for the data-sovereignty goal of Section 2 to hold
10.2 Certificate Lifecycle Management
The ICP-Brasil A1 certificate is a time-limited credential that requires active lifecycle management:
- Certificates are valid for one year from issuance; renewal must be initiated at least 30 days before expiration
- Renewal requires presenting updated organisational documents to the Registration Authority and paying an annual fee
- After renewal, the new .p12 file must be deployed to the server and the Documenso container restarted
- The expiration date should be tracked in the organisation’s operational calendar with automated reminders
Note on the ICP-Brasil certificate roadmap: The ICP-Brasil governance body has announced a transition from A1/A3 certificates for legal entities towards an Electronic Seal (Selo Eletrônico) model, scheduled for completion by 2029. Organisations should monitor ITI communications at iti.gov.br for migration guidance. Because Documenso consumes a standard PKCS#12 keystore rather than a CA-specific format, it should remain usable with a Selo Eletrônico credential provided the seal is issued as a PKCS#12 keypair suitable for PAdES signing; this cannot be confirmed until the seal specification is published.
11. Conclusion
Documenso Community Edition, when properly configured with an ICP-Brasil A1 organisational certificate and RFC 3161 timestamp authorities, delivers a document-signing and digitisation infrastructure that fully satisfies the highest tier of Brazilian electronic-signature law.
For organisations like Casa Hacker that handle legally consequential documents — contracts with public and private partners, compliance records, organisational governance — this configuration provides:
- Qualified electronic signatures with statutory presumption of authenticity
- Digitisation workflows that produce records legally equivalent to physical originals
- Long-term archival validity through RFC 3161 timestamping
- Data sovereignty — primary data stays on the organisation's own server in Brazil; only encrypted backups are replicated off-site
- Cost efficiency — the primary recurring cost is the ICP-Brasil certificate (R$ 250–400/year)
This case study demonstrates that open-source document-signing infrastructure, when deployed thoughtfully, can meet or exceed the legal standards achieved by commercial alternatives at a fraction of the cost — making it a genuinely viable option for civil-society organisations, NGOs, academic institutions, and small businesses operating in Brazil.
12. Acknowledgements
Casa Hacker thanks the Documenso team and open-source community for building a platform that prioritises transparency, self-sovereignty, and legal rigour. The decision to support external signing certificates — rather than locking organisations into a proprietary certificate infrastructure — was the single feature that made this deployment possible.
This whitepaper is offered to the Documenso community as a contribution to the shared knowledge base around legally compliant deployments in Brazil and, potentially, in other jurisdictions with mature public-key infrastructure frameworks.
References
- Medida Provisória nº 2.200-2/2001 — planalto.gov.br
- Lei nº 12.682/2012 — planalto.gov.br
- Lei nº 13.874/2019 (Lei da Liberdade Econômica) — planalto.gov.br
- Lei nº 14.063/2020 — planalto.gov.br
- Decreto nº 10.278/2020 — planalto.gov.br
- STJ — REsp 2.159.442 (December 2024) — stj.jus.br
- ITI/VALIDAR — gov.br/iti
- Documenso CE — github.com/documenso/documenso
- ICP-Brasil — iti.gov.br