ChronoVerify update, July 17, 2026: trusted timestamps in every signed report
Twelve days since the last update, and the headline is one feature that changes what a ChronoVerify report can prove: every signed report now embeds an RFC 3161 trusted timestamp from an independent timestamp authority, verifiable offline by anyone. This post covers how that works, what else shipped, and the boundaries that have not moved. The backdrop is unchanged and closer: the EU AI Act's Article 50 transparency obligations apply from August 2, 2026, just over two weeks from now.
What shipped
Every signed report now carries a trusted timestamp
Signed PDF reports have always carried an Ed25519 signature you can verify offline against the public key embedded in the report. As of this week they also embed an RFC 3161 trusted timestamp: a token issued by an independent timestamp authority over the SHA-256 of the exact payload the signature covers. The token rides inside the PDF as its own base64 block, and the report prints the openssl command that verifies it. A third party can confirm, offline and with no ChronoVerify involvement, that the verification record existed no later than the token's time.
Details that matter if you handle evidence: the token is requested with the authority's signing certificate included, and it is validated locally before the report will embed or claim it. That local check covers the token's size, its digest algorithm, and an exact match between the token's message imprint and the signed payload hash. If the timestamp authority is down, or returns anything that does not validate, the report still builds and its timestamp line states exactly what happened: "not requested", "unavailable", or "failed local validation". A report never claims more than its own bytes can prove.
Two honest boundaries. First, the timestamp dates the verification record, not the photograph; capture-time evidence still comes from the file itself. Second, a timestamped report is still investigative triage, not courtroom proof. What it adds is one independently checkable fact: this record, covering this file hash, existed by this time, attested by someone other than us. Site copy that described reports as a "signed audit record" now reads "signed, timestamped audit record" again, because as of this week that is simply true.
A quickstart hub at /docs
The new docs page is one screen from zero to a verified image: a curl call that needs no key, a free key for 100 verifications a month, the permalink and signed-report calls, and pointers for the MCP server and the browser extension. There is a Docs link in every nav. If you only read one developer page, that is the one.
A brand mark with a point of view
The blue crosshair lens is gone. ChronoVerify's mark is now an old-school magnifier, brass ring and wooden handle. The tool category we belong to is not futuristic scanning; it is patient examination of evidence, and the mark now says so. You will see it on the site, the verifier, and the browser extension.
Smaller changes worth a line each
- Report building runs in its own lane. The timestamp call adds a network step to report generation, so reports now have their own concurrency bound. A slow timestamp authority can never slow a verification call.
- HEAD requests are answered on every GET route. Agents, link checkers, and uptime monitors probe with HEAD constantly; they now get proper answers instead of errors.
- A calibration page at /benchmark. It documents how verdict behavior is exercised against a regression corpus, in the open.
- A site-wide copy pass. American spellings throughout, tightened agent-facing pages, and small interface polish.
Why a trusted timestamp is worth having
A verification record is a claim about a moment: this file, with this hash, produced this verdict, under this method version. The Ed25519 signature proves the record was not altered and that we issued it. The trusted timestamp adds the piece a signature alone cannot provide: proof of when the record existed, attested by an independent authority whose business is exactly that attestation. For anyone building a case file, an audit trail, or a chain of custody, "verifiable by a third party, offline, without trusting the vendor's clock" is the property that matters. That is now the default in every signed report, at no change in price.
What has not changed
The boundaries hold. ChronoVerify is not an AI-image detector and does not claim to be; it validates provenance and reads the evidence a file actually carries. A clean verdict is triage, not proof a scene is real. Metadata can be stripped or forged, and the verdict language says what the file itself can and cannot support. The pipeline is deterministic: the same file returns the same verdict, and no language model scores your image. Pricing is unchanged: the verifier is free, a free API key covers 100 verifications a month with no card, pay as you go is $0.003 per image after that, and signed reports are $0.20 each or included in paid plan quotas.
Generate a signed report and verify its timestamp yourself, with openssl, on your own machine.
Start at the docsCommon questions
What is an RFC 3161 trusted timestamp?
A cryptographic token issued by an independent timestamp authority that proves a specific piece of data existed no later than a specific time. In a ChronoVerify report, the token covers the SHA-256 of the signed verdict payload, so the whole verification record is anchored to a point in time by a party other than ChronoVerify.
How do I verify a report's trusted timestamp myself?
Base64-decode the RFC 3161 timestamp token block printed in the report into a token.der file, then run the openssl ts -verify command the report prints, using the timestamp authority's published CA certificate. The report also prints the exact digest the token must cover. No ChronoVerify service involvement is required; the check works offline.
Does the trusted timestamp date the photo itself?
No. The timestamp dates the verification record, not the photograph. The photo's capture time still comes from the evidence inside the file: validated C2PA Content Credentials, EXIF and XMP metadata, and their internal consistency.
Does a timestamped report make the verdict courtroom proof?
No. The verdict remains investigative triage, and the report says so. What the timestamp adds is one independently checkable fact: this exact record, covering this exact file hash, existed no later than this time, attested by a party other than ChronoVerify.
What happens if the timestamp authority is unreachable?
The report still builds. The timestamp line then states exactly what happened: not requested, service unavailable, or failed local validation. A returned token is validated locally, including an exact match between the token's message imprint and the signed payload hash, before it is embedded. A report never claims a timestamp its own bytes cannot prove.
Sources and further reading: RFC 3161, Time-Stamp Protocol; EU AI Act Article 50; C2PA Specifications; the ChronoVerify method and limits; the report verification tool.