Qualified timestamping and why it matters

21 January 2026 · 6 min read · Nextarp B.V.

Signatures prove who; timestamps prove when. Without a trusted timestamp, a signature relies on the signer's own clock - which anyone could have set. A cryptographic timestamp fixes a document in time using an independent, trusted source.

How RFC 3161 works

Your system hashes the signature (never the document content itself) and sends the hash to a Time-Stamping Authority (TSA). The TSA returns a signed token binding that hash to its trusted time. Anyone can later verify the token to prove the signed data existed no later than that moment - without seeing the document.

Qualified timestamps under eIDAS

A qualified TSA appears on an EU trusted list and meets strict operational requirements. A qualified electronic timestamp carries a legal presumption of accuracy across the EU - the timestamp equivalent of a qualified signature.

Where timestamps appear

  • At signing - proving the signature predates certificate expiry or revocation.
  • In long-term validation - archival timestamps chain over the document to extend validity for years.

Practical guidance

Use a reputable (ideally qualified) TSA, configure it once, and let every signature carry a timestamp automatically. DocsNG supports any RFC 3161 TSA, including qualified providers, so your documents are anchored in trusted time by default.

Related articles

DocsNG is the free, self-hostable platform for generating, signing and verifying documents. Get DocsNG or try the live demo.

← Back to the blog