Welcome to Evidency, your trusted partner in timestamping and sealing services. Here's a brief introduction to our key offerings:
Timestamping: Evidency provides a certified timestamping service that allows you to create irrefutable proof of the existence and integrity of your digital documents. By timestamping your files using our API, you can ensure they are legally recognized and protected against tampering.
Sealing: Our sealing service enables you to digitally seal PDF documents, enhancing their integrity and authenticity. With Evidency, you can securely seal your PDF files to ensure they remain unchanged over time, suitable for legal and compliance purposes.
Explore our developer documentation to learn how to integrate these powerful features into your applications seamlessly. Get started with Evidency today to enhance the security and reliability of your digital assets.
For more information, visit Evidency.
Evidency provides a sandbox and a production environment.
This environment is intended to test and validate any changes made to your application before it goes live in production.
Portal URL:
https://app-sandbox.evidency.io/
API URL:
https://api-sandbox.evidency.io/
This environment is eIDAS-compliant, providing both timestamp tokens and digital seals.
Portal URL:
https://app.evidency.io
API URLs
https://api.evidency.io/
https://api2.evidency.io/
You can integrate with our standard API to securely timestamp documents. This functionality allows you to digitally timestamp documents, ensuring integrity and anteriority.
/v2/timestamp/projects/{project_key}
POST
{project_key}: the unique identifier of the projectContent-Type: application/json X-API-KEY: YOUR_API_KEY{
"hashAlgorithm": "SHA-512",
"hashedMessage": "YOUR_FILE_SHA512_HASH",
"certReq": false
}
Ensure that hashAlgorithm specifies a robust algorithm compliant with current standards.
hashedMessage should contain the hash of the data intended for timestamping.
It is essential to
specify a robust hash algorithm.
The following hash algorithms are supported: "SHA256",
"SHA384", "SHA512".
SHA-256 is the minimum and default requirement, ensuring compliance with current standards.
Upon successful submission, you will receive a JSON response containing the timestamp token and relevant details:
{
"hashAlgorithm": "SHA-512",
"hashedMessage": "YOUR_FILE_SHA512_HASH",
"certReq": false
}
Note: The token field in the response contains a Base64-encoded timestamp token, which
serves as irrefutable proof of the existence and integrity of the timestamped data at the specified time
(timestamp). This token can be used to verify the authenticity of the timestamp. The
timestamp field in the response represents the timestamp in milliseconds since the Unix epoch
(January 1, 1970, 00:00:00 UTC).
You can integrate with our standard API to securely seal PDF files. This functionality allows you to digitally seal PDF documents for integrity and authenticity.
To seal a PDF file with the V2 API, send a POST request to the sealing endpoint
(/v2/projects/{project_key}/seal)
with the following details:
/v2/seal/projects/{project_key}
POST
{project_key}: the unique identifier of the projectContent-Type: multipart/form-data X-API-KEY: YOUR_API_KEYUpon successful sealing, you will receive a response containing the sealed PDF file in the file form param.
Note: The
sealedFile field in the response contains the sealed PDF file, ensuring its integrity at the time
of sealing. The serialNumber uniquely identifies the seal operation.
Download service's OpenApi specification
The JSON API is meant to simplify the creation of timestamp tokens. It is based on the RFC3161 protocol but uses JSON documents instead of binary files. At the very minimum, you can send the hash of the file you want to timestamp along with the algorithm used.
Example:
curl -v -X POST https://ENVIRONMENT_URL/v1/timestamp/request \
-H "Accept: application/json" \
-H "X-API-KEY: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"hashedMessage": "YOUR_FILE_SHA512_HASH", "hashAlgorithm": "SHA512"}'
Parameters:
Response:
{
"status": 0,
"hashAlgorithm": "2.16.840.1.101.3.4.2.3",
"hashedMessage": "YOUR_FILE_SHA512_HASH",
"serialNumber": "1b23d65d7b2cc8cca76795fc805de23888de53f",
"timestamp": 1704067200000,
"token": "BASE64_ENCODED_TOKEN"
"tsaPolicyId": "1.3.6.1.4.1.60053.2.1.1.1.1"
}
To use the service according to the RFC3161 specifications, you have to create files with OpenSSL or any RFC3161-compliant library. Once created, simply send a timestamp-query file to our service with the proper credentials and headers. If everything is ok, the returned response is a valid timestamp reply binary file that you can parse using openssl or a compliant library.
Example (Bash):
# Create the request file
openssl ts -query -data data.txt -cert -no_nonce -sha512 -out request.tsq
# Send the file using cURL
curl https://ENVIRONMENT_URL/v1/timestamp/request \
-X POST \
-H "X-API-KEY: YOUR_API_KEY" \
-H "Content-type: application/timestamp-query"
--data-binary "@request.tsq" > reply.tsr
# Check the content of the reply
openssl ts -reply -in reply.tsr -text
# Retrieve the bundled certificates from the trust chain
curl -O http://pub.evidency.io/cer/bundle.pem
# Verify the timestamp token
openssl ts -verify -data data.txt -in reply.tsr -CAfile bundle.pem
# Verification: OK
In the previous example, the openssl "-cert" option indicates the response includes the timestamp unit certificate. You can omit this option and provide the certificate in the openssl verify command.
# Retrieve the certificate trust chain
curl -O http://pub.evidency.io/cer/root-ca.cer
curl -O http://pub.evidency.io/cer/timestamp-ca.cer
curl -O http://pub.evidency.io/cer/tsu-01.cer
# The certificates are published with DER format, convert them to PEM
openssl x509 -in root-ca.cer -inform DER -outform PEM -out root-ca.pem
openssl x509 -in timestamp-ca.cer -inform DER -outform PEM -out timestamp-ca.pem
openssl x509 -in tsu-01.cer -inform DER -outform PEM -out tsu-01.pem
# Create the bundle with the pem certificates
cat root-ca.pem timestamp-ca.pem > bundle.pem
# Verify the timestamp token
openssl ts -verify -data data.txt -in reply.tsr -CAfile bundle.pem -untrusted tsu-01.pem
# Verification: OK
Please refer to the following links for more information on published certificates :
On the sandbox environment, you can use the following certificates: