ZDDC Transmittal

Drop sender logo (optional) Drop sender logo

Drop receiver logo (optional) Drop receiver logo

Drop HTML or JSON to import transmittal data

Tracking Number

Date

From

Purpose

Subject

Integrity Not Validated (requires JavaScript)

Drop folder to scan / verify Drop HTML or JSON to import

#	TRACKING NUMBER	TITLE	REVISION	STATUS	EXT	SIZE	SHA256

What is a Transmittal?

A transmittal is a cover sheet that travels with a set of files. It records what was sent, to whom, and when. This tool produces a single self-contained HTML file that serves as both the cover sheet and a cryptographic proof of what was delivered.

How it works: Each file in the transmittal is fingerprinted with a SHA-256 hash — a value computed from the file’s contents. Change even one byte and the hash changes, so a matching hash proves the file is unaltered. The transmittal then hashes the entire payload (header, file list, and all per-file hashes) into a single digest. Optionally, one or more people can digitally sign that digest.

Typical Workflow

Fill in the header — tracking number, date, recipient, project, etc.
Optionally Save Draft to create a reusable template.
Add files — paste rows from a spreadsheet, or use Scan Directory to read a folder and compute hashes automatically.
Review the file table and remarks.
Use Verify Directory to confirm every listed file is present and unchanged.
Publish — click Publish for an unsigned digest, or use the dropdown for Publish Signed (with a signing key) or Save Draft. The output is saved to the working directory, or downloaded if no directory is selected.
Distribute — send the HTML alongside the actual files.

Signing Keys

Signing keys are stored in .zddc-key files. When generating a new key, you can optionally protect it with a password. Password-protected keys require the password each time they are used to sign.

Keys without a password work immediately, like an unprotected SSH key.

Verification Levels

A published transmittal provides up to four escalating levels of integrity protection. Higher levels guard against increasingly sophisticated threats:

Static HTML — A human-readable record of everything sent. Works without JavaScript (e.g. on a SharePoint site). No cryptographic protection.
Digest check — With JavaScript, the tool recomputes the SHA-256 digest and compares it to the stored value. A match proves nothing changed since publication. Detects accidental corruption, but someone could alter both the data and the digest.
Digital signatures — ECDSA signatures bind the digest to a signer’s private key. Any change invalidates the signature, preventing undetected tampering. Add signatures after publishing via Add Signature.
Independent verification — A tampered HTML file could ship modified JavaScript that always says “Verified.” To rule this out, the recipient opens the sender’s file in their own trusted copy of the tool using Import HTML. This extracts the raw data and re-verifies it with the recipient’s own code. Use this level for anything that matters.

Level 4 assumes the recipient’s tool is trustworthy (downloaded from a known source or built from source). A reference instance is at zddc.varasys.io.

Menu Actions

Actions available from the dropdown button. draft items appear only while editing. published items appear only after publishing. Unmarked items appear in both modes.

Save Draft draft: Downloads the current state as an HTML file. Reopen it later to continue editing, or use it as a template for new transmittals.
Revise published: Unlocks a published transmittal back into an editable draft.
Add Signature published: Signs the digest with a new ECDSA key and downloads the updated file. Multiple people can sign sequentially.
Acknowledge Receipt published: Same as Add Signature, but labeled “Received By” in the signature list — used by the recipient to confirm delivery.

Table Clipboard

Paste New Rows draft: Replaces the file table with tab-separated data from the clipboard (e.g. copied from Excel).
Paste Append Rows draft: Appends clipboard rows to the existing file table.
Copy Table: Copies the file table as tab-separated text for pasting into spreadsheets.

Data Import & Export

Import HTML: Opens a published transmittal HTML, extracts its data, and re-verifies it with your own code (Level 4). You can also drag-and-drop an HTML or JSON file directly onto the Header or File table drop zones — drag anything over the page to reveal the zones.
Copy JSON: Copies the raw transmittal data as JSON for backup or transfer.
Paste JSON draft: Loads transmittal data from JSON on the clipboard.

Drag-and-Drop Zones

Drag any file or folder over the page to reveal labelled drop zones. Zones that can accept your data are highlighted in blue; others are dimmed.

Sender / Receiver logo zones: Top-left and top-right areas. Accept image files. Edit mode only.
Header zone draft: The form header area. Accepts a transmittal HTML or JSON file to import all fields.
File table zone: The document list area. Accepts a folder (triggers Scan or Verify), or a transmittal HTML/JSON file.

Directory Operations

Requires a Chromium-based desktop browser (File System Access API).

Scan Directory draft: Picks a local folder, lists every file, and computes SHA-256 hashes to populate the file table.
Verify Directory: Picks a local folder and checks that each file on disk matches its hash in the transmittal.

Other

Create Index: Scans transmittal folders and builds a .archive directory of small HTML redirects keyed by tracking number, revision, and hash — enabling direct links between documents in a file-based archive.
Reset: Clears everything and restores the blank template.