ExistBefore

Hashing model

ExistBefore hashes content locally in the browser using SHA-256 (FIPS 180-4). Small files use the Web Crypto API; files over 5 MB use @noble/hashes streaming to avoid loading the entire file into memory. Maximum supported file size is 2 GB.

For text input, ExistBefore applies the ExistBefore Canonical Form v1 before hashing: strip BOM (U+FEFF), normalize line endings to LF, remove a single trailing newline, then encode as UTF-8. This ensures cross-platform reproducibility — the same text produces the same hash regardless of operating system.

Zero-knowledge architecture

The original content never leaves the browser. Only the 64-character hex hash is transmitted through a server-side proxy that injects the CertiSigma API key. The proxy strips incoming headers and forwards a minimal JSON payload. The API key is never exposed to client-side code.

Three proof layers

T0 — Digital signature (immediate)

The CertiSigma API returns an ECDSA P-256 signature (FIPS 186-4) over the attestation payload (formatVersion|hashHex|timestamp). The signature is in DER format and can be validated client-side by converting to IEEE P1363 format for the Web Crypto API.

T1 — Qualified timestamp (~1 hour)

Attestations are aggregated into a Merkle tree. The tree root receives a qualified timestamp from an accredited TSA provider per RFC 3161, with legal value under eIDAS Art. 41 (EU Regulation 910/2014). This keeps per-attestation costs negligible while providing full legal force.

T2 — Bitcoin anchor (24–48 hours)

Merkle roots are anchored to Bitcoin via OpenTimestamps. This adds long-term, decentralized verifiability that does not depend on any single infrastructure operator. The .ots proof file is downloadable from the proof status page.

Independent verification

Verification does not require trusting ExistBefore. Three independent paths exist:

• Online: re-submit the same content on the verification page
• API: call POST /verify on the public CertiSigma API
• Offline: recompute the hash, reconstruct the signed payload, fetch the public key from GET /keys/{id}, and validate the ECDSA signature with any cryptographic library

Metadata extraction

For image files, ExistBefore extracts EXIF metadata (date, device, GPS, camera settings) entirely in the browser. If a creation date is found, it is compared with the attestation timestamp to detect timeline coherence. Users can exclude sensitive fields (GPS, device) from the PDF certificate.

Standards reference

• SHA-256: FIPS 180-4
• ECDSA P-256: FIPS 186-4
• Qualified timestamps: RFC 3161, eIDAS Art. 41
• Bitcoin anchoring: OpenTimestamps
• PDF generation: ISO 32000 (client-side via jsPDF)