TimestampIt!

Trusted Timestamps. Simplified.

Log inSign Up

GET https://timestampit.com/key/<key id>

Retrieve a verification key. The format of the returned key depends on the value of the Accept header that is sent.

Authentication

No authentication is needed for this endpoint. Anyone can get verification keys in order to verify existing Trusted Timestamps.

Accept Header

Users can specify which format they want the verification key returned in by using the Accept header.

Accept header value Returned key format
application/json JSON document. See below for a description of fields.
application/octet-stream Raw binary key that is always 32 bytes/octets in length.
none/any other value PEM file format.

Example responses

PEM format key

Keys in pem format are compatible with OpenSSL and follow the encoding rules in RFC8410.

A key in pem format will look like this:

-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAUA/1H/qlD5nZohS/4/pJDNK1GXFXKq1TJbceRpFb8Pw=
-----END PUBLIC KEY-----

JSON format key

JSON formatted verification keys include the verification keys in several formats as well as some additional metadata.

A key in JSON format will look like this:

{
  "id": "5rbcys6vo9pr",
  "pem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA9i77dINUK4T5Jp/JEklAqvj74g5w6rFXHIvBC4/6+78=\n-----END PUBLIC KEY-----\n",
  "hex": "f62efb7483542b84f9269fc9124940aaf8fbe20e70eab1571c8bc10b8ffafbbf",
  "activation_tt": "1.0|wo68mtowd0g3|2024-07-20T06:32:25Z|raw|f62efb7483542b84f9269fc9124940aaf8fbe20e70eab1571c8bc10b8ffafbbf|http://timestampit.com/key/gv3jfji15q9m|\nrwAmFgNVzmZrRPOCIORTHhBL62kEXDDgCaKwygMRUU9FRH9qdViBJIvOQH0YOiWLVOq7oyIvCgwBq2sMwX+wCg==",
  "retirement_tt": "1.0|vkc9sgds2xs1|2024-07-21T19:55:54Z|raw|f62efb7483542b84f9269fc9124940aaf8fbe20e70eab1571c8bc10b8ffafbbf|http://timestampit.com/key/em90guswkwkm|\nFxGNPwKfaB0oYOalYXx0MS1MGQKcPg+qs/8hQ0EAlWh3b6PIHO6+n40dplwJYkEkmdIJjG4GEJ3434jS5IFTDw=="
}

JSON Fields

Field Description
ID A unique identifier for the verification key. IDs are non-sequential, randomly generated, and composed of alphanumeric characters. They are current 12 characters in length, but that is subject to change.
pem The verification key in pem format, per RFC8410.
hex The verification as a hexadecimal encoded string. Decoding this hexadecimal string yields the 32 byte binary verification key.
activation_tt This field describes when the key was created and made to be the current signing key. This field is a simple formatted Trusted Timestamp. It is signed by the previous signing key, and can be verified by the previous signing key in the keychain. Any Trusted Timestamp signed by this key with a timestamp preceding the activation time should be considered invalid. This field is never null/empty.
retirement_tt This field describes when this key was retired and replaced with the next key in the keychain. It is signed by the succeeding verification key. Any Trusted Timestamp signed by this key with a timestamp after the retirement time should be considered invalid. This field is null for the current signing key only. All other keys will have this field populated.