
How Timestamping Works: RFC 3161 Explained

RFC 3161 is the Internet standard for trusted timestamping. Learn how the protocol creates cryptographic proof of document existence.

The RFC 3161 protocol

RFC 3161, published by the IETF, defines the Time-Stamp Protocol (TSP). It works as follows: the client computes a hash of the document, sends this hash to the Time Stamping Authority (TSA), the TSA combines the hash with its current UTC time, signs the combined data with its private key, and returns a timestamp token to the client. The document itself never leaves the client — only its hash is transmitted.
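The client step described above, as an added example (not code from the original article or from any TSA product): it builds a DER-encoded `TimeStampReq` using only the standard library and parses the message imprint back out, showing that the SHA-256 digest, not the document, is what goes on the wire. The function names, the random 64-bit nonce and `certReq` set to TRUE are choices made for this example.

```python
import hashlib
import secrets

SHA256_OID = bytes.fromhex("608648016503040201")  # id-sha256 (2.16.840.1.101.3.4.2.1), content bytes

def der(tag, content):
    """Encode one DER tag-length-value element."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_uint(value):
    """Encode a non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(document, nonce=None):
    """Return a DER TimeStampReq: version 1, SHA-256 imprint, nonce, certReq TRUE."""
    digest = hashlib.sha256(document).digest()
    algorithm = der(0x30, der(0x06, SHA256_OID) + der(0x05, b""))
    imprint = der(0x30, algorithm + der(0x04, digest))
    if nonce is None:
        nonce = secrets.randbits(64)  # lets the client match the reply to this request
    body = der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff")
    return der(0x30, body)

def read_tlv(buf, pos=0):
    """Parse one DER element; return (tag, content, offset of the next element)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def extract_imprint(request):
    """Return (hash OID content bytes, hashed message) from a TimeStampReq."""
    _, body, _ = read_tlv(request)
    _, _, after_version = read_tlv(body)
    _, imprint, _ = read_tlv(body, after_version)
    _, algorithm, after_algorithm = read_tlv(imprint)
    _, oid, _ = read_tlv(algorithm)
    _, digest, _ = read_tlv(imprint, after_algorithm)
    return oid, digest

if __name__ == "__main__":  # constructed sample document
    print(build_timestamp_request(b"constructed sample contract v1").hex())
```

The same `MessageImprint` structure comes back inside the token's `TSTInfo`, which is the value a verifier compares against the recomputed hash.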

Cryptographic guarantees

The security of RFC 3161 rests on two pillars: hash functions and digital signatures. The hash ensures that any modification to the document — even a single bit — produces a completely different hash value. The TSA's digital signature ensures that the timestamp was genuinely issued by the trusted authority and has not been tampered with since issuance.

Verification process

To verify a timestamp, the verifier recomputes the hash of the document, extracts the hash from the timestamp token, compares them (they must match), and verifies the TSA's digital signature using the TSA's public key. If all checks pass, the verifier has proof that the document existed in its current form at the time indicated by the timestamp.

Hash algorithms and key sizes

Modern implementations use SHA-256 or SHA-512 for hashing and RSA-2048 or ECDSA P-256 for signatures. SHA-1 is deprecated due to collision vulnerabilities. Qualified Trust Service Providers (QTSPs) typically use RSA-4096 or ECDSA P-384 for their signing keys, providing security margins that extend well beyond 2030.