OriginStamp Docs

# Frequently asked questions (FAQ)

# General Questions

# What is OriginStamp?

OriginStamp is a trusted timestamping service for digital content. It allows you to prove ownership or possession of a file (e.g., PDF, image, video) at a specific point in time. Our service is accessible via an API.

# How is the timestamp calculated?

The timestamp reflects the moment when a cryptographic fingerprint (hash) of your file was embedded in the blockchain. For technical details, please refer to our whitepaper (opens new window).

# What is a blockchain-based timestamp?

A blockchain-based timestamp is stored across thousands of computers worldwide, making it extremely secure and independent of any centralized authority.

# How is a timestamp created?

A timestamp is generated through the following steps:

  1. A SHA-256 hash of your original file is created.
  2. The hash of the original file is combined with many other hashes in a Merkle Tree.
  3. The Merkle Tree’s root (representing all hashes) is treated as a private key.
  4. A Bitcoin address is derived from this private key.
  5. A small Bitcoin transaction is sent to this address. The transaction time becomes the timestamp itself.

# How do I verify a timestamp with OriginStamp?

Verification requires the original file or its SHA-256 hash. You can:

  1. Recalculate the original file’s hash and verify it.
  2. Send the hash to OriginStamp for a proof request. This later on allows you to verify it even without our involvement.

# How do I verify a timestamp without OriginStamp?

You’ll need the original file and the proof of the timestamp. Here’s how:

This would only affect the creation of new trusted timestamps with OriginStamp. For the verification of already created timestamps you don't need us. What you need is:

  1. Check your original file and the proof.
    • Calculate the SHA-256 fingerprint of your original source.
    • Check the proof if it contains your hash fingerprint.
    • Calculate the root SHA-256 hash of the Merkle tree that contains your hash fingerprint.
  2. Calculate the Bitcoin address
    • Use the determined root SHA-256 hash of the proof as private key.
    • Convert it to uncompressed Base58 encoded bitcoin address. See Mastering Bitcoin (opens new window) by Andreas Antonopoulos.
  3. Verify the transaction.
    • Look up the Bitcoin transaction for that address in the blockchain.
    • An overview of our Bitcoin transactions can be found here (opens new window).
  • Tamper-proof timestamp: Please keep in mind that you can only verify a timestamp made with OriginStamp after the hash has been submitted to the Bitcoin blockchain.
  • Keep Your Original: Preserve the original file and the proof. These are required for verification.
  • Do not Alter: Even a minor edit (like a space or metadata change) alters the hash of a file and invalidates the proof.

For the detailed instructions on the manual timestamp verification check this GitHub Repository (opens new window).

# How is the integrity of the blockchain guaranteed?

The massive market capitalization of Bitcoin makes it resilient. Any manipulation would be immediately noticeable and would undermine the currency’s value. For more, read what makes the blockchain secure (opens new window).

# How is OriginStamp different from a traditional timestamping authority?

Traditional timestamping services are based on trust. In the event of a dispute, the timestamping service serves as a witness. In contrast, the timestamps created with OriginStamp are anchored in public blockchains and can therefore be checked by anyone at any time, independent of OriginStamp. This has several advantages:

  1. OriginStamp uses a consensus that is accepted worldwide and not just in a few countries.
  2. If OriginStamp stops existing, all timestamps remain valid.
  3. OriginStamp can't be bribed. Even if you would offer us 1 billion USD today, we could not date back a timestamp.
  4. All timestamps generated by OriginStamp are unlimited in time.

# Do I have to disclose the original file?

No. The content of your files is never shared with us. The necessary hash is calculated before or directly in your browser on your machine. Alternatively, you can enter the SHA-256 hash (opens new window) of your document.

# What happens if OriginStamp stops existing in the future?

You won’t be able to create new timestamps, but existing ones remain valid. Timestamps are independently verifiable without OriginStamp.

# What is a hash?

A hash is like a digital fingerprint of your file. Any small change to the file results in a completely different hash. Hashes are one-way functions—original content cannot be reconstructed from a hash.

# What does the hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 mean?

The above string is the SHA-256 hash value of an empty input. To get more information about hashes and lean how it is calculated, check out timestamping.

# What is the pricing?

The pricing depends on the number of timestamps and proofs you request. For an offer, or a free test API key, please contact us at mail@originstamp.com.

# Is a blockchain timestamp legally binding?

It depends on the country. In general, an independent expert can, at any time, given a copy of the blockchain, the proof of the timestamp and the original data, verify that the original file has been existent prior to a certain point in time.

In China, a court already accepted a blockchain-based proof (Tweet (opens new window), Original Source on Weixin (opens new window)).

# What happens if the value of Bitcoin or any other coin drops to zero?

New timestamps on the Bitcoin blockchain will be invalid, old timestamps on the Bitcoin blockchain will remain valid.

However, we support multiple blockchains and continually evaluate new candidates to maintain our security standards.

# Technical Questions

# Why do I need to calculate the public key to verify a timestamp?

The public key is required to derive the Bitcoin address for timestamp verification.

# Which cryptographic methods are used to calculate the public key and the Bitcoin address when verifying a timestamp?

We use ECC (Elliptic Curve Cryptography) (Wikipedia: Elliptic Curve Cryptography (opens new window)) and SHA-256 hashing (Wikipedia: Hash function (opens new window)).

Technical details can be found in the Bitcoin Wiki (opens new window).

# Which hashing functions do you support?

Currently, we only support SHA-256. However, you might choose to hash a file first with a hashing algorithm of your choice and then with the SHA-256 hashing function on top.

# When is a webhook triggered?

Webhooks are triggered once a tamper-proof timestamp has been created and it's status is set to "verified".

# It is possible to receive the Public key and Uncompressed Bitcoin address through the API?

Since the timestamp procedures differ for individual cryptocurrencies, our response object looks like as follows for each cryptocurrency. In the case of Bitcoin, the uncompressed address is calculated using the Bitcoin Protocol. We do not currently provide an interface, as there are corresponding libraries for this task. You can compute them using libraries such as BitcoinJ for Java:

Calculation of an address

String uncompressedAddress = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash, 16)).decompress().toAddress(MainNetParams.get()).toString();

Calculation of public key

String publicKeyHex = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash, 16)).decompress().getPublicKeyAsHex();

# Why do I get a Cloudflare error?

We use Cloudflare to protect against DDoS attacks. If you encounter errors, make sure to set the User-Agent header in your request:

curl -X GET https://api.originstamp.com/v1/tree/2ed8f4a1-7cb6-43e7-9dbe-8c6a284c53f3\
     -H "Content-Type: application/json"\
     -H "User-Agent: Robins OriginStamp Test"\
     -H "x-api-key: XXXX-XXXX-XXXX-XXXX"

Glossary