The entire point of a timestamp is that it can be verified. Not just by ProofChain, not just by the person who created it — by anyone.
If a timestamp can only be confirmed by the company that issued it, it's not really independent proof. It's a company's claim, and claims can be disputed. That's why ProofChain's architecture is designed so that every element of your timestamp can be independently verified using public tools, by anyone, without needing a ProofChain account or access to our systems.
Here's how verification works, step by step.
What's in a ProofChain Certificate
Every ProofChain certificate contains several key elements:
- The SHA-256 hash of the original file
- The blockchain transaction ID where the hash was recorded
- The block number and confirmation time from the blockchain
- The TSA timestamp token — a digitally signed certificate from the Trusted Stamp Authority
- The TSA's public key reference for validating the digital signature
- A QR code that links to the verification page
Step 1: Verify the File Hash
This step confirms that the file you have now is the exact same file that was timestamped.
What you need: The original file and any SHA-256 hashing tool.
How to do it:
On a Mac, open Terminal and run:
shasum -a 256 /path/to/your/fileOn Windows (PowerShell):
Get-FileHash -Path "C:\path\to\your\file" -Algorithm SHA256On Linux:
sha256sum /path/to/your/fileThe output will be a 64-character hexadecimal string. Compare this to the hash printed on your ProofChain certificate.
If they match: This is mathematically the same file. Not a similar file, not a close copy — the exact same file, bit for bit.
If they don't match: The file has been modified since it was timestamped. Even a single-byte change will produce a completely different hash.
You can also use free online SHA-256 calculators — many websites offer them. Just note that uploading your file to an online tool means sending it to a third party, which may not be desirable for confidential work. Command-line tools process everything locally.
Step 2: Verify the Blockchain Record
This step confirms that the hash was actually recorded on the blockchain at the time claimed.
What you need: The blockchain transaction ID from your certificate.
How to do it: Go to any public blockchain explorer (these are free, public websites that let anyone view blockchain transactions). Enter the transaction ID from your certificate.
The explorer will show you:
- The exact data stored in the transaction (which should include your file's SHA-256 hash)
- The time the transaction was confirmed
- The block number
- The number of confirmations (how many blocks have been added since — more confirmations = more certainty)
What this proves: An independent, decentralised network — not controlled by ProofChain or any single entity — confirms that your hash was recorded at the stated time. The blockchain is a public ledger that anyone can audit.
Step 3: Verify the TSA Certificate
This step confirms that a Trusted Stamp Authority independently certified the hash at the stated time.
What you need: The TSA token from your certificate (usually provided as a file or embedded in the certificate) and OpenSSL or a similar cryptographic tool.
How to verify with OpenSSL:
openssl ts -verify -in timestamp.tsr -data original_file -CAfile tsa_ca_cert.pemThis command checks that:
- The TSA token contains a valid digital signature
- The signature was issued by the TSA whose certificate authority you've specified
- The hash in the token matches the hash of your file
- The timestamp hasn't been tampered with
For non-technical users: ProofChain provides an online verification page (accessible via the QR code on your certificate) that automates this process. But the key point is that you don't have to use our verification page — all the cryptographic tools needed are public and free.
Step 4: Cross-Reference the Two Timestamps
The blockchain timestamp and the TSA timestamp were created nearly simultaneously for the same hash. Verifying that both records contain the same hash and approximately the same time provides dual-source corroboration.
This means:
- Two independent systems (a decentralised blockchain and a centralised TSA) agree on the same fact
- Neither system was controlled by ProofChain at the time of recording
- For anyone to fabricate this evidence, they would need to simultaneously compromise both a public blockchain and a TSA — which is not practically possible
Who Might Need to Verify
Courts and lawyers in a copyright dispute will want to verify that the timestamp is genuine and hasn't been fabricated.
Technical experts appointed by the court can independently confirm both the blockchain record and the TSA certificate using the methods described above.
Opposing parties in a dispute can (and should) attempt to verify or challenge the timestamp. The beauty of public verification is that your evidence withstands scrutiny — it invites challenge rather than avoiding it.
Publishers, producers, and collaborators who want to confirm that a creator's claimed date of creation is verifiable.
You — at any time in the future, even years from now, you can re-verify your own certificate to confirm its continued validity.
Common Verification Questions
Can a ProofChain certificate be forged?
To forge a certificate, you would need to create a fake blockchain transaction (impossible without controlling the majority of the network's computing power) AND forge a TSA's digital signature (impossible without their private key). Both are computationally infeasible.
What if ProofChain goes out of business?
Your blockchain record remains on the public blockchain indefinitely. Your TSA certificate is independently verifiable against the TSA's public key infrastructure. ProofChain's existence is not required for verification.
Can a timestamp be backdated?
No. The blockchain timestamp is determined by the network at the time the transaction is confirmed. The TSA timestamp is determined by the authority's clock at the time of signing. Neither can be retroactively altered.
What if my file is very large?
The size of the file doesn't affect the hash or the timestamp. SHA-256 produces the same 64-character hash regardless of whether the file is 1KB or 10GB. Verification works the same way.
Do I need technical skills to verify?
For basic verification (checking the hash and looking up the blockchain transaction), no. Anyone who can use a web browser and a calculator can do it. For full cryptographic verification of the TSA token, some technical knowledge helps, but ProofChain's verification page automates this for convenience.
The Principle Behind It
Verifiability isn't a feature — it's the foundation. A proof that can't be verified isn't proof; it's a claim. ProofChain's architecture is built on the principle that every element of your timestamp should be checkable by anyone, using publicly available tools, without depending on us.
This is what separates cryptographic proof from institutional claims. A registration from a private company says "trust us, we recorded this." A blockchain + TSA timestamp says "don't trust anyone — verify it yourself."