σ CertiSigma Swiss trust layer

Public verifier

Verify a SHA-256 hash

Paste a SHA-256 digest or open this page with a query like ?hash=<sha256_hex>. Only the hash is sent to the CertiSigma API. Your original file never leaves this device.

No file content is requested by this page.
Public verification is privacy-first · No tracking · No cookies · No uploaded content.
T0

Immediate · synchronous

ECDSA P-256 signature

T0 is the on-call cryptographic receipt. It is created the moment your SHA-256 digest is registered, before any external sealing happens.

Cryptographic primitive
ECDSA over NIST P-256 with SHA-256 message digest (FIPS 186-4).
Signed payload
Your SHA-256 digest plus server metadata: attestation id, UTC timestamp, format version.
Signer
A CertiSigma signing key whose public counterpart is published via the API for offline verification.
What it proves
That the digest was registered with CertiSigma at the recorded UTC time, signed by a key under CertiSigma control.
How to verify
Fetch the evidence bundle via the API and re-check the ECDSA signature locally with the published public key.
Limit
Trust depends on the integrity of the CertiSigma signing key. T1 and T2 add witnesses outside CertiSigma.
T1

Sealed within ~1 minute

Qualified TSA timestamp

T1 binds your attestation to a third-party qualified timestamp under eIDAS, witnessed by an authority outside CertiSigma.

Cryptographic primitive
SHA-256 Merkle tree over the batch, RFC 3161 timestamp token over the Merkle root.
Sealing cadence
Periodic, currently aligned to the next minute boundary; attestations are sealed in batches.
Witness
Sectigo Qualified Time Stamping Authority — eIDAS qualified, publicly trusted certificate chain.
What it proves
The Merkle root containing your attestation existed before the TSA timestamp, attested by a qualified third party.
How to verify
The evidence bundle returns the Merkle inclusion path plus the RFC 3161 token. Verify with any compliant verifier and the TSA root certificate.
Limit
Trust extends to the TSA qualification chain. T2 adds an independent witness with no shared trust assumption.
T2

Anchored within hours

Bitcoin / OpenTimestamps anchor

T2 lifts your attestation onto a public blockchain witness, completely independent of CertiSigma and any qualified authority.

Cryptographic primitive
SHA-256 commitment folded into the OpenTimestamps calendar and ultimately included in a Bitcoin block header.
Anchor
The Bitcoin blockchain via the OpenTimestamps protocol; the OTS proof is attached to the evidence bundle once confirmed.
What it proves
The attestation existed before a specific Bitcoin block was mined — verifiable with no trust in CertiSigma or any TSA.
How to verify
Run `ots verify` from the OpenTimestamps client against any Bitcoin node, or use any third-party OTS verifier.
Independence
No shared trust assumption with T0 or T1. Compromising CertiSigma keys or the TSA does not invalidate this layer.
Limit
T2 proves existence at anchor time, not the precise registration time. Combine with T0 / T1 for sub-minute timing.