Frequently asked questions (FAQ)

General Questions

What is OriginStamp?

OriginStamp is a trusted timestamping service for digital content. You can use our service to prove that you were in possession of an information or a file, e.g., PDF, image, video, at a specific time.

How is a timestamp created?

A timestamp is created in several steps. The steps are almost the same as for verifying a timestamp. (GitHub Repository)

  1. The SHA-256 hash of the original file is created.
  2. The hash of the original file is combined with many other hashes in a Merkle tree for a certain time interval.
  3. The root of the Merkle tree now represents all hashes of all original files. The root is defined to be a private key.
  4. From the private key a public Bitcoin address is derived.
  5. Finally, a small amount is sent to that Bitcoin address. The time of the transaction is the time of the timestamp of the original file.

How do I verify a timestamp with OriginStamp?

To verify a timestamp with OriginStamp requires only the original file. Then, there are two options:

  1. By sending the hash of the original file to us, we will return the blockchain-based timestamp that is known to us for that hash.
  2. By sending the hash of the original file to us, we can also return the proof of the timestamp for that hash. Then you can proceed to verify the timestamp for that hash without OriginStamp.

How do I verify a timestamp without OriginStamp?

To verify a timestamp without OriginStamp requires the original, unaltered file and the proof of the timestamp for this file.

This would only affect the creation of new trusted timestamps with OriginStamp. For the verification of already created timestamps you don't need us. What you need is:

  1. Keep your original files and the seed text
    • Calculate the SHA256 fingerprint of your original source.
    • Check the seed if it contains your hash fingerprint.
    • Calculate the SHA256 hash of the seed.
  2. Calculate the Bitcoin address
    • Use the determined SHA256 hash of the seed as private key and convert it to uncompressed Base58 encoded bitcoin address. See Mastering Bitcoin by Andreas Antonopoulos.
  3. Verify transaction
    • To verify the transaction and address acccess the Bitcoin blockchain.

Tamper-proof timestamp

Please keep in mind that you can only verify a timestamp made with OriginStamp after the hash has been submitted to the Bitcoin blockchain (happens every hour). The existence of the hash fingerprint on our website alone isn't the final proof yet.

Keep Your Original

Always keep and archive your original sources and the whole seed. With this combination (your original + seed) you can always recreate the hash fingerprint and prove that your data was part of a specific Bitcoin transaction.

Do not Alter

Never alter your original! Any change, including changing a single space, or editing any of its metadata, will alter the hash that is unique to your original file.

For the detailed instructions on the manual timestamp verification check this GitHub Repository

How is OriginStamp different from a traditional timestamping authority?

In contract to a TSA, OriginStamp is not a trusted third party. OriginStamp only provides a convenient connection to various public blockchains. This has several advantages:

  1. OriginStamp uses a consensus that is accepted worldwide and not just in a few countries.
  2. If OriginStamp stops existing, all timestamps remain valid.
  3. OriginStamp can't be bribed. Even if you would offer us 1 billion USD today, we could not date back a timestamp.
  4. All timestamps generated by OriginStamp are unlimited in time.

What happens if OriginStamp stops existing in the future?

If OriginStamp stops existing, no new timestamps can be created. Since all timestamps are independent of OriginStamp verifiable, all timestamps that have been created in the past are still valid and verifiable.

What if your service doesn't exist in 20 years?

New timestamps can't be created. However old timestamps remain valid and can be verified (read also 'How do I verify a timestamp without OriginStamp?').

What is the pricing?

The pricing depends on the number of timestamps and certificates you generate. For an offer, or a free test API key, please contact us at [email protected]. We charge a certain amount of credits (see next FAQ item) for each action you perform.

How many credits are charged for a certain action?

Request Type Condition Action Credits
Submission file / hash without existing timestamp submitted timestamp will be created 1.0 credit
Submission file / hash with existing timestamp submitted timestamp information is returned 0.3 credits
Status timestamp information not yet available error message is returned 0.3 credits
Staus timestamp information available timestamp information is returned 0.3 credits
Proof timestamp prove not available error message is returned 0.1 credits
Proof timestamp proof available return path through Merkle tree as proof 3.0 credits
Proof old timestamp proof available return seed file as proof 3.0 credits
Proof timestamp proof available return PDF proof certificate 5.0 credits
Notification hash without existing timestamp submitted webhook notification 1.5 credits
Notification hash without existing timestamp submitted email notification 5.0 credits
Notification hash with existing timestamp submitted trigger webhook for development purposes 0.3 credits

Is a blockchain timestamp legally binding?

It depends on the country. In general, an independent expert can, at any time, given a copy of the blockchain, the proof of the timestamp and the original data, verify that the original file has been existent prior to a certain point in time.

In China, a court already accepted a blockchain-based proof (Read Tweet).

Original Source on Weixin.

What is a timestamp "proof"?

The proof contains all information that is needed to prove a timestamp on the blockchain independent from OriginStamp. Technically, this is a path through a Merkle tree. Such a proof can be found in the sample certificate.

What is a timestamp "certificate"?

A certificate is a PDF document which contains the timestamp proof and further documentation on how to verify the proof.

A sample certificate can be found here.

What happens if the value of Bitcoin or any other coin drops to zero?

New timestamps on the Bitcoin blockchain will be invalid, old timestamps on the Bitcoin blockchain will remain valid.

However, we are using more than just the Bitcoin Blockchain, just to be sure.


New timestamps on the Bitcoin blockchain will be invalid since the incentive for mining Bitcoin reduces, and thus the mining difficulty reduces which is why an attacker can date back data to the point where the Bitcoin value dropped to zero. All timestamps on the Bitcoin blockchain that have been created in the past will remain valid for a long time. The reason for this is that an attacker still cannot create backdated timestamps. Doing so would require to mine large parts of the Bitcoin blockchain with a high mining difficulty, which would require vast amounts of energy. Furthermore, it is fair to assume that at least one copy of the Bitcoin blockchain will remain, may it be only for a digital museum.

We always monitor candidate blockchains and include them into our service once we think they fit our security standard.

Technical Questions

Why is the timestamp on the OriginStamp certificate different from the timestamp found in my Blockchain Explorer?

This can have several reasons. For one, the time zone might be different. The time zone we are using is stated on our certificates.

Then, some blockchain explorers state the time that our transaction was published in the Bitcoin network. However, the tamper-proof timestamp is the time on which our transaction was included into the blockchain. This is also the time we provide on our certificates.

Why do I have to calculate the public key in order to verify a timestamp?

The calculation of the public key is just a necessary step to calculate the Bitcoin address.

Which cryptographic methods are used to calculate the public key and the Bitcoin address when verifying a timestamp?

The involved methods are ECC (Wikipedia: Elliptic Curve Cryptography) and hashing (Wikipedia: Hash function).

Technical details can be found in the Bitcoin Wiki.

Which hashing functions do you support?

Currently, we only support SHA256. However, you might choose to hash a file first with a hashing algorithm of your choice and then with the SHA256 hashing function.

However, this has then to be taken into account when verifying a timestamp.

What data contains the webhook?

Create, Status and Webhook share the same object. This saves customers additional implementation work, as the requests or data only have to be understood once. The difference is that the webhook is only triggered as soon as a tamper-proof time stamp exists.

When is a webhook triggered?

The webhook is triggered as soon as the tamper-proof time stamp with the selected crypto currency has been created. In the next days we will also introduce an interface, which allows to start a webhook manually, because this will simplify the development work considerably. Simply check our documentation page from time to time.

It is possible to receive through the API the following data: Public key, Uncompressed Bitcoin address?

Since the timestamp procedures differ for individual cryptocurrencies, our response object looks like this for each crypto currency. In the case of Bitcoin, the uncompressed address is calculated using the Bitcoin Protocol. We do not currently provide an interface for this, as there are corresponding libraries for the most diverse programming languages, e.g. BitcoinJ for Java. The following examples show how simple the calculation is:

Calculation of an address

String uncompressedAddress = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash,16)).decompress().toAddress(MainNetParams.get()).toString();

Calculation of public key

String publicKeyHex = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash, 16)).decompress().getPublicKeyAsHex();

Why do I get a Cloudflare error?

We use Cloudflare to protect the service from DDo's attacks, i.e. unwanted traffic is automatically filtered.

To resolve this issue, please set the user agent in your request header, e.g.

curl -X GET -H "Content-Type: application/json" -H "Robins OriginStamp Test" -H "Authorization: XXXX-XXXX-XXXX-XXXX"