PHP RFC3161 Timestamp Toolkit

This toolkit provides classes and methods for accessing DigiStamp's Timestamp Servers with the PHP programming language.

  • All cryptography is performed with OpenSSL.
  • The class TrustedTimestamps was written by David Müller and slightly modified by us
  • The toolkit is packaged as an example implementation allowing users to upload files for timestamping
  • Retriever.php, and its dependency TrustedTimestamps.php, can be used independently

Before you get started:

You will need either a paid account, or a free evaluation account.



  1. PHP, we have not tested with versions before 5.4
  2. OpenSSL version 1.0+
  3. cURL for PHP


  1. Login to your DigiStamp account to enable IP-based Authentication:
    1. Visit
                  or for TEST accounts
    2. Scroll to the bottom of the page (IP-based Authentication...) and follow instructions
  2. If you are using test TSAs, perform the following replacements in Retriever.php:
    1. uncomment line 25, replacing line 23 for test x.509 certificates
    2. uncomment line 45, replacing line 42 for test URL addresses
  3. If you are using the provided HTML interface:
    1. Set your allowed file extensions in UploadFile.php at line 23
    2. Create subdirectory timestampedFiles/
    3. Grant the webserver write permission for the directory timestampedFiles/
  4. You need to download the latest copy of x.509 certificates to verify timestamps: com.digistamp.bundle.pem​​​​​​​
    or if using TEST the certificates at ​​​​​​​​​​​​​​ com.digistamp.bundle.test.pem ​​​​​​​

    Details: The public key used to verify the digital signature is normally bundled in the timestamp file. The missing part is the "Root CA" certificate. We use the Root CA certificate to tell OpenSSL to trust timestamp certificates from DigiStamp. This download is commonly done just one time.

Please let us know if you have questions or concerns: