About this tool
Free, private, browser-based. Your files never leave your device - all processing runs in JavaScript right here in your browser. No upload, no account, no watermark.
About file integrity verification
The Verify Timestamp tool re-hashes a file with SHA-256 and compares the result against the hash recorded in a receipt produced by the companion Timestamp tool. If both fingerprints match to all 64 hexadecimal characters, you have mathematical proof the file is bit-for-bit identical to the version that existed when the receipt was generated. This is how Git detects modified blobs, how Linux package managers verify downloads, and how Bitcoin links blocks. Neither the file nor the receipt leaves your browser; verification runs entirely client-side through the Web Crypto API's crypto.subtle.digest.
Integrity verification is different from time anchoring. A matching hash proves the content is unchanged, but not when it was created. For court-admissible time stamps, use a Trusted Timestamping Authority following RFC 3161 (DigiCert, Sectigo, FreeTSA, or eIDAS-qualified providers in the EU). The receipt JSON used here captures your local UTC time at the moment of stamping; treat it as a self-signed note, not a notarised act.
How verification works step by step
1. Read file bytes -> ArrayBuffer
2. Hash via Web Crypto subtle.digest('SHA-256', buffer)
3. Convert digest (Uint8Array) to 64-char hex string
4. Parse receipt JSON to read receipt.sha256
5. Compare: computedHash === receipt.sha256
6. Match -> file unchanged. Mismatch -> file modified.
Receipt schema:
{
  "filename": "contract-v3.pdf",
  "sha256": "9b74c98...64 hex chars",
  "size": 284172,
  "timestampUtc": "2026-05-28T14:32:11.452Z",
  "tool": "3tej-timestamp",
  "version": "1"
}
- SHA-256 output is always 64 hex characters (256 bits / 4 bits per character).
- Hash mismatch by one character means the file has changed. There is no partial match in cryptography.
- Web Crypto API is available in all modern browsers (Chrome, Firefox, Safari, Edge) on secure origins (HTTPS or localhost).
Worked example: verifying a signed PDF
You receive contract-v3.pdf and contract-v3-receipt.json from a counterparty. You want to confirm the file matches the version the receipt describes.
- Upload the file. Browser reads bytes into an ArrayBuffer.
- Tool computes SHA-256 via Web Crypto: 9b74c98...e2a1d.
- Upload the receipt JSON. Tool parses the sha256 field.
- Receipt expects: 9b74c98...e2a1d with timestamp 2026-05-28T14:32:11Z.
- Match: green badge confirms the file is identical to the stamped version.
Hash algorithm comparison
| Algorithm | Year | Output bits | Status | Notes |
|---|---|---|---|---|
| MD5 | 1992 | 128 | Broken | Practical collisions since 2004 (Wang) |
| SHA-1 | 1995 | 160 | Broken | Shattered attack, Stevens 2017 |
| SHA-256 | 2002 | 256 | Secure | Bitcoin, TLS, this tool |
| SHA-512 | 2002 | 512 | Secure | Slower, stronger preimage resistance |
| SHA-3 / Keccak | 2015 | 256 to 512 | Secure | NIST standard, sponge construction |
| BLAKE3 | 2020 | 256 | Secure | Faster than SHA-256, used in IPFS |
Common pitfalls when verifying
- Re-encoded uploads. Email, WhatsApp, and Slack often recompress files (especially images). The re-encoded copy hashes differently even if visually identical.
- Wrong file uploaded. If you have multiple versions, double-check the filename and size against the receipt before concluding tampering.
- Receipt edits. If anyone modified the JSON receipt, the comparison is meaningless. Re-fetch the receipt from the original source.
- Trusting the timestamp value. The receipt records local clock time, not a notarised time. For legal use, employ RFC 3161 TSA countersigning.
- Trailing whitespace and BOM. Text files copy-pasted between editors can pick up byte-order marks or line-ending changes (CRLF vs LF) that break the hash invisibly.
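The six verification steps and the line-ending pitfall above, as an added example that is not the tool's own source. The function names, the receipt-format check and the case normalisation of the receipt hash are assumptions of this sketch; in a browser, step 1 would be `await file.arrayBuffer()` on the selected file.

```javascript
// Added example, not the tool's source. Function names are hypothetical.
// Browsers and Node 19+ expose Web Crypto as globalThis.crypto; older Node
// falls back to the built-in module.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

// Steps 2-3: SHA-256 the bytes and render the digest as 64 lowercase hex chars.
async function sha256Hex(bytes) {
  const digest = new Uint8Array(await subtle.digest('SHA-256', bytes));
  return Array.from(digest, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Step 4: parse the receipt and reject anything that is not SHA-256 length,
// so a truncated or MD5/SHA-1 sized value can never be compared (assumption:
// hex case is normalised before comparison).
function parseReceipt(text) {
  const receipt = JSON.parse(text);
  if (typeof receipt.sha256 !== 'string' || !/^[0-9a-fA-F]{64}$/.test(receipt.sha256)) {
    throw new Error('receipt.sha256 is not 64 hex characters');
  }
  return { ...receipt, sha256: receipt.sha256.toLowerCase() };
}

// Steps 5-6: compare hashes; size is reported separately because a size
// difference points at a wrong or re-encoded file.
async function verifyFile(bytes, receiptText) {
  const receipt = parseReceipt(receiptText);
  const computed = await sha256Hex(bytes);
  return {
    computed,
    sizeMatches: receipt.size === bytes.byteLength,
    hashMatches: computed === receipt.sha256,
  };
}

// Constructed sample: stamp a small text file, then verify the original and a
// copy whose line endings an editor changed from LF to CRLF.
async function demo() {
  const enc = new TextEncoder();
  const original = enc.encode('Clause 1\nClause 2\n');
  const receiptText = JSON.stringify({
    filename: 'sample.txt', sha256: (await sha256Hex(original)).toUpperCase(),
    size: original.byteLength, timestampUtc: '2026-05-28T14:32:11.452Z',
    tool: '3tej-timestamp', version: '1',
  });
  const crlfCopy = enc.encode('Clause 1\r\nClause 2\r\n');
  return {
    same: await verifyFile(original, receiptText),
    crlf: await verifyFile(crlfCopy, receiptText),
  };
}
```

The CRLF copy reads the same in an editor but fails both the size and the hash comparison, which is the behaviour the pitfall list describes.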
Frequently asked questions
What does the Verify Timestamp tool actually check?
It recomputes the SHA-256 cryptographic hash of the file you upload and compares it to the hash recorded in the receipt JSON. If both hashes match, the file has not been altered by a single bit since the receipt was issued. The check happens locally in your browser using the Web Crypto API, so neither the file nor the receipt leaves your device.
What is SHA-256 and why is it used here?
SHA-256 is the 256-bit Secure Hash Algorithm published by NIST in 2002 as part of the SHA-2 family. It produces a 64-character hexadecimal fingerprint of any input. Changing a single bit anywhere in the file changes roughly half of the output bits (the avalanche property). No collisions have been found in over 20 years of cryptanalysis. Bitcoin, TLS certificates, Git, and most digital-signature standards rely on it.
Does a matching hash prove when the file was created?
No. A matching hash only proves the file is identical to the version that produced the hash in the receipt. The receipt's timestamp value is what you generated when you ran the timestamp tool. For legally defensible time anchoring, use a Trusted Timestamping Authority (RFC 3161) such as DigiCert, Sectigo, or FreeTSA that countersigns the hash with their own clock and certificate.
What if the verifier reports a mismatch?
A mismatch means one of three things: the file has been modified (even a single byte), you uploaded a different file than the one originally hashed (common when files are downloaded and re-uploaded through email or messaging apps that re-encode), or the receipt JSON has been edited. Re-download both the file and the receipt from your original source and try again before concluding the file has been tampered with.
Is SHA-256 the same as MD5 or SHA-1?
No. MD5 (1992) and SHA-1 (1995) are both considered cryptographically broken. Collisions have been demonstrated for both (Wang 2004 for MD5, Stevens 2017 for SHA-1), meaning attackers can craft two different files with the same hash. SHA-256 has resisted attack for over two decades. The tool uses SHA-256 exclusively and refuses to verify legacy MD5 or SHA-1 receipts.
Privacy and offline operation
Every operation in this tool happens client-side using your browser's built-in APIs (Canvas, Web Audio, WebAssembly). No data leaves your device. After the initial page load you can disconnect from the internet and the tool still works.
We use Google Analytics and AdSense for the page itself, but neither sees the content of the files you process.
