Verify a Timestamp without OriginStamp

OriginStamp is a timestamp service that uses the Bitcoin Blockchain (and soon other chains) to create tamper-proof data for your data. Instead of backing up your data, OriginStamp embeds a cryptographic fingerprint in the blockchain. It is de facto impossible to deduce the content of your data from your fingerprint. Therefore, the data remains in your company and is not publicly accessible.

All you need to do is send this fingerprint to OriginStamp via the interface. The integration of the RESTful API is very simple and convenient and allows to timestamp all of your data. This document shows the procedure and gives instructions for verifying a timestamp created with OriginStamp.


  • You need to have the original file
  • You need to have a certificate or the raw proof


Follow these steps to verify your timestamp independently.

1. Determine the SHA-256 of your original file

There are numerous programs and libraries to calculate the SHA-256 of a file, such MD5FILE.COM. Simply drag and drop or select your file, to retrieve the SHA-256 of your file.

2. Validate your proof

It must be verified that the hash of the original is part of the evidence. In order to check this, the proof can be opened with a conventional editor and its content can be searched for the hash. If the hash cannot be found, either the file was manipulated or the wrong evidence was selected.

3. Determine the private key

The Merkle Tree is a tree structure, that allows to summarize many hashes into one root hash. The tree is built from the bottom to the top and follows a defined schema. The value of a node is determined by the aggregated hash of its children.

SHA-256 (left child):


SHA-256 (right child):


SHA-256 of a node:

SHA-256(Node) = SHA-256(SHA-256(left child) + SHA-256(right child))
SHA256(Node) = SHA-256(a8eb9f308b08397df77443697de4959c156fd4c68c489995163285dbd3eedaefab95adaee8eb02219d556082a7f4fb70d19b8000097848112eb85b1d2fca8f67)


SHA256(Node) = 47e47c96302eeba62ed443dd0c89b3411bbddd2c1ff6bdfb1f833fa11e060b85

This step is performed for all levels of the tree until the hash of the root has been calculated. If the hash of the root is identical as proof, the calculation was successful and the root hash is verified. The root hash corresponds to the private key we embedded in the blockchain through a transaction. For a more detailed explanation of the Merkle Tree, we want to refer to Wikipedia.

4. Timestamp Lookup

After the successful verification of the root hash, you need to find the hash in the blockchain. Since we use different blockchains, the procedure varies for each blockchain type.


Having determined the private key in the previous step, we can use this private key for a Bitcoin address. The detailed steps to calculate the uncompressed Bitcoin address can be found here. Lets assume the private key is:


The corresponding calculated Bitcoin address is:


Check the transactions. By using any blockexplorer for Bitcoin, you can search for the previously calculated Bitcoin address:


The earliest transaction for this address proofs the existence of your file. The timestamp of the file corresponds to the block time of the first transaction.


Having determined the private key in the previous step, we store this hash in a Smart Contract with the following address: 0xa66a943be0c956ae90eae98b9703b98a7bbd4309

The respective log events must be searched for each transaction in this contract. These events are divided into topics. The private key should be contained in a topic.

Caution: Some services display the hashes with 0x prefix.

As soon as the transaction has been found, the block time is the actual tamper-proof timestamp. To simplify the search, we added the transaction to the certificate.