How the Creation Certificate works

The proof, the format, and how to verify it independently

A certificate witnesses one fact: that an exact set of bytes existed at a moment in time. It does this in three independent layers, so the proof holds even if one of them — including Timbrica — disappears.

Three layers of proof
1
Layer 1 — Server timestamp
Timbrica records the fingerprint and the moment it was registered. Authority: this site. The weakest layer — it stands on trusting Timbrica.
2
Layer 2 — RFC 3161 trusted timestamp
An independent Time-Stamp Authority signs the fingerprint with its certificate. Recognised electronic evidence, verifiable against the authority — Timbrica is not needed.
timestamp.digicert.com · timestamp.sectigo.com · rfc3161.ai.moda
3
Layer 3 — Bitcoin anchor
The fingerprint is committed to the Bitcoin blockchain via OpenTimestamps. The block’s time is public and permanent; no authority — not even the timestamp authority — is needed to check it.
Certificate ID

Each certificate gets a 12-character ID, e.g. TC-7K3M-9P2X-VQ. It carries a check character, so a mistyped ID is rejected rather than resolving to the wrong record.

Why a fingerprint, not the file

A SHA-256 fingerprint is a 64-character value computed from a file’s bytes. The same file always produces the same fingerprint; changing a single byte changes it completely; and the file cannot be reconstructed from it. Timbrica timestamps the fingerprint, so the registry never needs the file itself.

Verify a certificate independently

You do not have to trust Timbrica — or even reach it. With the file and the proof bundle, anyone can confirm a certificate:

  1. Re-hash the file with SHA-256 and confirm it appears in the canonical record.
  2. Hash the canonical record and confirm it equals the record fingerprint.
  3. Check the RFC 3161 token against the timestamp authority — e.g. with “openssl ts -verify”.
  4. Check the Bitcoin proof (.ots) against the blockchain with any OpenTimestamps verifier.

If all four agree, the file provably existed by the witnessed date — a conclusion that does not depend on Timbrica existing.

Open JSON API

Every public certificate is available as read-only JSON, including the full proof. No key required.

Honest limits

A timestamp proves WHEN, never WHETHER-TRUE. It shows a file existed by a date; it cannot show who made it, that it is original, or that a declared statement is true. It can only ever prove “no later than” — which is why it cannot be used to fake an earlier date.