Filesign.net in more detail


No files are uploaded

Only a hashed value of the file is uploaded to Filesign.net. This is enough for what we do. We do not know the contents of your file nor do we know what kind of file it is. We do not even know the filename nor do we know who you are.
This is not a data backup service.

How does it work?

The first time you hand in a file for trusted timestamping and signing process a hash of it is uploaded to our servers. (More information about hashes here.) The hash is then timestamped and cryptographically signed. If the same file is handed over again the same hash gets uploaded. This time however it is compared to the old one and a message about its prior existance is returned with the date when it was first seen.

There is also an optional handshake code you can put in your works and use during the signing process. Read more about it here.


What should you do?

1. Drag and drop a file into Filesign.net's signing page and let it process the file. Click the continue button when it appears.

2. You will see a page with the file's carbon dating (timestamp) information. You can save the information provided about your file by copying and pasting but it is not necessary as you can access the information by signing the file again. A shorter version of the same signing information is also posted on our Twitter signing feed.

3. Make sure you keep a master copy of the same file and do not change its contents. Even the smallest change will make it a different file in the eyes of Filesign.net. Please keep a read-only master copy of your file. Burn it on a DVD or use ZIP for compressing it non-destructively. ZIP creates a protective wrapper around the file. Then store it locally and in the cloud or in some other trustworthy place. You should treat the master file like you would treat patent certificates or other important documents.

4. If you need to demonstrate someone the timestamp of your creation you simply let Filesign.net process the same file again. The resulting page will show you when the file was first seen. You can also use GPG locally on your computer for verifying the cryptographic signature. You can also use our Twitter feed for demonstrating when your file was signed.

Public disclosure

Filesign.net posts information about signed files in publicly visible places such as Twitter. When services like Twitter also put their timestamp on the signing information it adds to the authority of our signing process. Please check our Twitter signing feed.

Since June 2016

Filesign.net is not good for dating files created prior to June 2016. This is because the service did not exist before it. You can use this site for dating your old files but the timestamp will not be accurate.

UTC timezone

Filesign.net uses UTC as the timezone for timestamping.

Ownership

Filesign.net signing does not necessarily establish proof of ownership. You might achieve that with using your own web presence or other mechanisms together with this site. Filesign.net is an independent trusted timestamping service.

No arbitration

Filesign.net does not offer any arbitration service or resolution of disputes. It is solely up to you how you use the carbon dating (timestamp) information.

Mobile

Filesign.net works at least on Android, iOS and Windows Mobile. Just tap the field on the sign page and choose a photo from your camera roll or other files.




Technology

Hashing is done using SHA-512. The hash and the timestamp are signed using our private key (PGP/GPG).

How can I be sure my file is not uploaded?

You can check our code which runs in your browser. It does not upload any files to any server. You can also monitor your outbound traffic using networking tools (such as the Activity Monitor on OS X) and you will notice that only a very small amount of traffic (the hash) is sent to us.

Our public key

Here is our public signing key. You can use it for verification of timestamp signatures.

How to verify

Please refer to this page on how to verify a signature.