The timestamp, explained

Your computer's clock can be set by hand, in three seconds, leaving no trace. Every time a digital document carries a date you wrote yourself, that date proves nothing. A timestamp is the way to have the time stated by someone with no reason to lie, and stated so that anyone can check it.

The problem, in one sentence

You can prove a file has not changed: the digest suffices. You can prove who signed it: the certificate suffices. You cannot prove when it existed, because time leaves no fingerprints in the bytes.

The solution is procedural rather than mathematical: you ask a third party to sign, together, the digest of your document and the current time. That third party is a TSA — a Time Stamping Authority — and the protocol for talking to it is RFC 3161.

How the exchange works

your computer document (even 30 GB) SHA-256 → 32 bytes TimeStampReq (.tsq) the digest only + certReq = TRUE signed token (.tsr) the TSA reads its secure clock signs digest + time never sees the document does not receive or keep it does not know its contents inside the .tsr token · the digest you sent · genTime — the attested hour · accuracy — the uncertainty · serialNumber and policy · the TSA's certificate The timestamp proves that digest existed at that hour. Since the digest exists only if the document exists, it proves the document existed at that hour — and that not one bit has changed since. Probatio always asks for certReq = TRUE: the token will carry the TSA's certificate and verify offline. The request's .tsq file exists only in memory: it is never written to disk.
That only the digest reaches the TSA is not an implementation detail: it is what makes timestamping usable on confidential documents. The authority certifies an hour against a number whose origin it cannot know.

The request is called a TimeStampReq and Probatio builds it from the file's SHA-256 digest, plus a certReq flag set to true, asking the TSA to include its own certificate in the reply. Without that certificate, verifying the timestamp would mean obtaining it elsewhere.

The reply is called a TimeStampToken. It is, in fact, a CMS envelope signed by the TSA — the same structure as a .p7m — containing the digest received, the time, and the service's metadata. Probatio saves it next to the file as a .tsr sidecar.

What a token holds, and how to read it

  • genTime — the attested instant, in UTC. The datum you paid for.
  • accuracy — the uncertainty declared by the TSA, often one second. It says: «the true time lies within this window».
  • serialNumber — the token's unique identifier, making it traceable in the TSA's records.
  • policy — the OID of the timestamping policy, the rules the TSA declares it follows.
  • messageImprint — the digest received, together with the algorithm used.

Qualified and unqualified

Not all timestamps are equal, and the difference is legal rather than technical.

Probatio can use free TSAs — Sectigo, DigiCert and GlobalSign, tried in turn until one answers. They produce technically impeccable RFC 3161 timestamps: the mathematics is identical to that of a paid one.

Then there is the qualified eIDAS timestamp, which Probatio requests from InfoCert through its own endpoint and which consumes a slot. The difference lies in Article 41 of the eIDAS Regulation: a qualified electronic time stamp «shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound». Whoever disputes the date must prove it wrong, not the other way round.

The same article's first paragraph protects the others, though: an electronic time stamp that is not qualified shall not be denied legal effect and admissibility as evidence merely because it fails to meet the qualified requirements. It simply enjoys no presumption: its reliability must be argued.

For an internal backup, a free timestamp is perfect. For a document headed to court, the Article 41 presumption is worth the few euros it costs. The choice is not about cryptographic strength — that is identical — but about who bears the burden of proof.

Verifying a .tsr

1 · the digest the file's hash is recomputed and compared with the one inside the token SHA-1 · SHA-256 · SHA-512 2 · the signature is the token really signed by the TSA it claims to come from? a CMS envelope, like a .p7m 3 · the qualification is the TSA's certificate in a recognised trust list? AgID TSA list 4 · the metadata genTime, serial, policy, accuracy they belong in the report Check 1 tries three algorithms because the token declares which digest it carries: old timestamps use SHA-1, recent ones SHA-256. Probatio recomputes and compares the right one. If the file changed by one bit, check 1 fails and the timestamp certifies nothing any more.
A valid timestamp over a file that no longer matches it is not a system error: it is the system working. The bond between token and document is the digest.

Verification needs no network, provided the token carries the certificate — which is why Probatio always asks for certReq. A .tsr archived today remains verifiable in twenty years, on an offline machine, as long as file and sidecar are kept together.

Timestamping a document, timestamping a signature

Two distinct uses, often confused.

Timestamping a document attests that this content existed at a certain date. Useful as proof of priority: a design, a manuscript, a log.

Timestamping a signature attests that the act of signing happened before a certain date. The token is placed among the CMS envelope's unsigned attributes, and raises the signature from level -BES to level -T. That is what lets it survive the certificate's expiry.

What Probatio does not do

  • It does not save the .tsq. The request lives in memory and is discarded. If you need it, it can be rebuilt from the digest.
  • It does not handle .tsd, the container that packages document and timestamp together.
  • It does not use CRLs for the TSA's certificate: revocation, when checked, goes through OCSP.

In practice

  1. Timestamp at acquisition, not at the end of the report. A timestamp certifies the moment you asked for it, not the moment the fact occurred.
  2. Keep the file and its .tsr together. Apart, they are worth nothing: one without the other does not demonstrate the bond.
  3. Record genTime, serial and TSA in the report. Those are the data that let a third party redo the verification.
  4. Do not confuse a timestamp with a signature. The first says when; only the second says who. A timestamped but unsigned document is an anonymous document with a certain date.

No amount of cryptography can tell a file what time it is. It can, however, have the time stated by someone whose word, by contract and by law, counts for more than yours — and bind it to a digest nobody can forge. That is all there is to it, and it is enough.