A sender initiating a signature request from a file in Box must have permissions to download that file. A sender without download permissions receives an error message.
Note: Where a user has permissions to download a file, Box Sign permits this user to send the file to others for signing, even if permissions are set that would prevent the generation of an external or internal shared link for the file.
When a sign request is triggered from a file in Box, or that is uploaded to Box via Box Sign, Box prepares the document as a PDF. This PDF document then goes through the sign workflow.
These PDF documents within the Box Sign workflow are always stored in Box regardless of whether the workflow is completed or is in progress. The content within the Box Sign workflow is always protected in the same way as your other Box content.
When the document is submitted for signing, Box locks the file. A recipient can unlock the file in web, desktop or mobile, but doing so cancels the signature request, and Box sends an email notification to alert the sender.
After all recipients sign the document, Box unlocks the original document, and creates the signed copy as a PDF with a digital certificate, and generates a unique hash from this PDF so that any changes made to the document after the signing process is closed can be detected by comparing hash codes.