TimestampIt! FAQ

What is a Trusted Timestamp?

Trusted Timestamps are a means of protecting important files from alteration and marking them with a timestamp they were known to exist at. Trusted Timestamps are "proof of existence" for digital data. You can use them to protect your code, documents, or any kind of digital data.

Trusted Timestamps from TimestampIt! are plain text files that contain eight fields of data. They look like this:

1.0|ws98t73ko1np|2024-08-07T15:54:08Z|sha256|d9532ff9db7ef72cb3a975ba18cc617ae0498753dd7261c04ab56e40204a7b08|https://timestampit.com/key/kleybzu2afwz|
6UT49yekq3c5DC1G7Nclhlr7i6pczWyc5FnFnJ0u5XfFMpJVKfjFE6lOraGqmxTvxKWKiw5jyy4YSA9d029aCg==

For a full description of each field, refer to the design documentation.

How are Trusted Timestamps created?

Trusted Timestamps are created against a file. The file could be a document, source code, image, or any kind of file. The file is hashed using a standard hashing algorithm like SHA3-256 which creates a hash digest. The hash digest is sent to TimestampIt! which combines it with a timestamp and some other data to create the Trusted Timestamp file.

TimestampIt! supports creation of Trusted timestamps through our basic HTTP API. We also offer a webform for creating trusted timestamps for single files.

How are Trusted Timestamps verified?

Verification of Trusted Timestamps consists of two independent steps.

In step 1, the cryptographic signature of the Trusted Timestamp is verified using a verification key. If the signature of the Trusted Timestamp correctly verifies, then the Trusted Timestamp is verified as an authentic Trusted Timestamp from TimestampIt!.

In Step 2, the hash digest from the Trusted Timestamp is compared to a hash digest from the file being verified against. If the digests match, then it is verified that the file is the same file against which the Trusted Timestamp was created.

It is also possible to put extra data into the Trusted Timestamp to enable additional custom validations beyond the those standard two validations.

Minimal examples of verification programs are available in our example clients repo.

Where did the idea for trusted timestamps come from?

TimestampIt! is loosely based on the RFC3161 Trusted Timestamping standard from 2001

TimestampIt! has taken the idea of Trusted Timestamps from RFC3161 and redesigned them to be more simple, accessible, and extensible.

How much does it cost?

Creating Trusted Timestamps is free and will always be free on TimestampIt!. Accessing verification keys will also always be free so that Trusted Timestamps can always be verified by anyone. We do implement rate limits to prevent abuse of our service.

We are investigating potential paid features that may include long term storage or advanced delivery mechanisms for Trusted Timestamps.

My data is very sensitive. How do I know I can trust TimestampIt! ?

Trusted Timestamps are made with zero-knowledge of the underlying data or files Your data remains private and never leaves your computer. This is done by "hashing" your file locally and sending the resulting digest to TimestampIt! for timestamping. TimestampIt! does not store the files it time-stamps in any way. Because of this design, TimestampIt! is suitable for any kind of data at any level of sensitivity.

What digital signature algorithm is being used?

Trusted Timestamps are signed using the ED25519 digital signature algorithm. This algorithm was chosen because it offers high security with relatively small verification keys. It is also efficient on CPU. It is free of patents and based on proven Schnorr signatures.

There are implementations for verifying ED25519 signatures in most popular languages as well as in OpenSSL. Refer to our example clients repo for reference implementations of verification.