Trusted UTC — Accurate time, made certain

Accurate time, made certain.

so everything your system produces is stamped with a verifiable timestamp.

so instead of stamping objects one at a time, the stamp is built into your system — and runs on its own.

$ trustedutc anchor --demo checking

01 accurate

clock —source=navigator · drift=unknown · trust=none

02 transform

POST /v1/anchordevice_pubkey  —nonce          —tas_signature  waiting…

03 certain

anchorutc_ms         —  ±—tas_sig        —verify         —

— /v1/pubkey · /healthz · source

What it does § 01

The classical timestamping approach — TSA RFC 3161, OpenTimestamps — stamps one object at a time: send a document, receive a stamp, attach it. Works, but costs one explicit call per object.

Trusted UTC stamps the system. Once integrated, every object the system produces is born with a verifiable timestamp, no explicit call per object.

   TSA / OpenTimestamps         Trusted UTC
   ────────────────────         ─────────────────────────────
   one timestamp per object     periodic TAS anchor
   N objects → N requests       N objects signed locally
   on-demand, documents         continuous, systems

Trusted UTC is not a qualified timestamping authority under eIDAS, and does not replace RFC 3161 TSAs in regulated contexts. It is a software-only cryptographic primitive for temporal attestation, built for developers who want verifiable time in their systems without the friction of enterprise timestamping.

How it works § 02

  TAS       issues Ed25519-signed anchors, rooted in NTP/NTS.
   │
   ├──▶ SDK       keeps a local monotonic clock anchored to the latest anchor.
   │     │
   │     ├──▶ Event     every event is signed locally with the device key.
   │     │
   ▼     ▼
  Verifier    offline verification against the TAS public key.

$ curl — request an anchor:

# POST /v1/anchor
curl -X POST https://api.trustedutc.com/v1/anchor \
  -H "X-API-Key: <your-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "device_id": "my-device",
    "device_pubkey": "<base64-ed25519-32B>",
    "nonce": "<base64-random-32B>",
    "identity_attestation": null
  }'

— response:

{
  "anchor_id": "anc-1745396893412",
  "utc_ms": 1745396893412,              // UNIX ms at TAS signing time
  "uncertainty_ms": 2,                  // declared band (RTT/2 + margin)
  "valid_until_ms": 1745400493412,      // anchor validity window (1h)
  "identity_verified": false,
  "identity_attestation_hash": "AAAA…", // 32B zero (no attestation)
  "tas_signature": "VwgbD9B4…",        // Ed25519 over canonical payload
  "nonce": "IWnVwlb4…"               // echo for anti-replay
}

For whom § 03

i
Audit trails for critical operations. Financial transactions, cash handling, industrial events — each event carries a timestamp verifiable after the fact, without trusting the producing machine's clock.
ii
Provenance of generated content. Photos, documents, logs: when the file was produced, provable mathematically. The CBOR bundle travels with the object; verification is offline.
iii
Tracking systems. Position, presence, activity: where you were, and when, with temporal guarantees. Useful where the device clock is not trusted and a TSA call per ping is disproportionate.

Status § 04

api.trustedutc.com/healthz GET checking…

tas_version v0.1.1 current

tas_pubkey (Ed25519) U4RSC+/Qxl8w9JvUlbDdxDBQ/Syqrhn5eVZJnKUFYI0= checking…

fetch GET /v1/pubkey

latest anchor observed — —

Changelog § 05

2026-04-23 identity attestation scaffolding · 17 tests green v0.1.1
2026-04-22 v0.1.0 live · TAS on api.trustedutc.com · 11 tests green v0.1.0
2026-04-20 CBOR canonical bundle format frozen · verifier CLI first pass
2026-04-18 rate limiting active · offline-encrypted key backup
2026-04-15 TAS scaffold in Go · NTS source via time.cloudflare.com

Docs & code § 06

spec trustedutc-spec-extract.md — anchor schema, identity attestation, verification.
source github.com/andreafilippomastalli/trustedutc — TAS in Go, SDK, Verifier CLI.
contact beta@trustedutc.com — beta access, API keys, technical questions.