TimestampCompare
Back to articles
timestamping · 6 min read

Timestamp Privacy: Why Your Files Never Leave Your Premises

A widespread misconception about timestamping is that you send your document to a third party. In reality, only a cryptographic fingerprint — the hash — is transmitted. Your file stays with you, always.

What is a hash?

A cryptographic hash function takes any input — a PDF, a contract, an image, a database record — and produces a fixed-length string of characters called a digest or fingerprint. SHA-256, for example, always produces a 256-bit (64-character hex) output regardless of whether the input is a one-line text file or a 10 GB video. The function is one-way: you cannot reconstruct the original document from its hash. Even a single character change in the input produces a completely different hash — this property is called the avalanche effect.

What actually gets sent to the TSA

Under RFC 3161, the timestamping client computes the hash of the document locally — on your own machine or server — and sends only that fingerprint to the Time Stamping Authority. The TSA receives a 32-byte or 64-byte digest. It has absolutely no knowledge of what document it represents. The TSA signs the hash together with its current UTC time, and returns the signed token. The original document never traverses the network to the TSA. This is by design — RFC 3161 was explicitly architected to protect sender confidentiality.

Confidential documents: contracts, IP, medical records

This design makes timestamp services ideal for highly sensitive material. Law firms can timestamp draft contracts without exposing their contents to any third party. Pharmaceutical companies can timestamp research data, clinical trial results, or patent-pending formulas. Hospitals can timestamp patient records to prove their existence at a given date without ever transmitting health data outside their perimeter. Inventors can create prior art evidence for patent applications without disclosing their invention prematurely. In all cases, the confidentiality is absolute and guaranteed by the mathematics of hash functions, not by contractual promises.

Verification is equally confidential

When you later need to prove the timestamp is valid, you again compute the hash of your (unmodified) document locally, and compare it with the hash embedded in the timestamp token. The verifier — a court, an auditor, a trading partner — can check the TSA's signature on the token without ever seeing the document itself. Confidentiality is preserved end-to-end. This makes RFC 3161 timestamping fundamentally different from document escrow or notarisation services that require depositing the original.