Skip to main content
RFC 3161 timestamping proves to any third party that your audit records existed at a particular time — not just that they’re internally consistent.

How it works

plog timestamp signs the current Merkle root with an RFC 3161 Timestamp Authority (TSA). The TSA returns a signed timestamp token that can be independently verified. One signature covers all events across all chains — the Merkle root represents the entire audit trail.

Usage

# Request a timestamp from the default TSA (freetsa.org)
plog timestamp

# Use a custom TSA
plog timestamp --tsa-url https://your-tsa.com

# List stored timestamps
plog timestamp --list

# Verify the latest timestamp against current state
plog timestamp --verify

API

# Request a timestamp
curl -X POST http://localhost:7600/v1/timestamp

# List timestamps
curl http://localhost:7600/v1/timestamps

# Verify latest
curl http://localhost:7600/v1/timestamps/verify

What it proves

Without timestampingWith timestamping
Events are internally consistentEvents provably existed at a specific time
Hash chain is validThird-party attestation of the Merkle root
Self-attested integrityIndependent temporal proof

Storage

Timestamps are stored with their certificate chain for offline verification. Each timestamp references the Merkle root it was created from, allowing you to prove the state of the audit trail at any point in time.