instantproof.legal
EN | NL Log in Create proof
Inside the evidence package

What is a digital certificate?

A instantproof.legal certificate is a signed, timestamped package that binds a piece of digital content — a file, a web page, or a controlled browser session — to a specific moment in time. The certificate is a PDF, but the real evidence sits in the cryptographic hashes, RFC 3161 timestamps, and the Ed25519 signature bundled alongside it.

Verify a certificate See the flow
SHA-256Content hashes
Ed25519Manifest signature
RFC 3161Trusted timestamps
Signed certificate illustration

How a certificate is built.

Every instantproof.legal certificate goes through the same five steps. Each step leaves an artifact that ends up inside the metadata ZIP shipped with the PDF.

Content captured File or browser session # Hashed SHA-256 digest Signed Ed25519 manifest Timestamped RFC 3161 TSA PDF Certificate issued + metadata ZIP

What is inside a certificate package.

Each download ships a PDF certificate plus a metadata ZIP. Together they contain everything an independent third party needs to re-verify your evidence.

PDF

Signed PDF certificate

A human-readable affidavit listing the certificate ID, certified subject, hashes, and the Ed25519 signature value.

ZIP

Metadata ZIP

Bundles every supporting artifact: manifest, signature, public key, hashes, timestamps, and network log.

HAR

network.har

For browser sessions, the HAR log of requests issued during the recorded session.

Video recording

For browser sessions, the screen recording of the controlled session in WebM, MP4, or MKV.

#

SHA-256 hashes

One .sha file per signed artifact, recording its SHA-256 digest in hex.

TS

Timestamp files

Matching .tsq request and .tsr response files from an RFC 3161 timestamp authority.

Why a certificate beats a screenshot.

A screenshot is a picture. A certificate is a chain of cryptographic facts: hashes prove the content has not changed, an Ed25519 signature binds those hashes to this service, and an RFC 3161 timestamp anchors them to a specific moment in time — verifiable by anyone, even after the original content is gone.

Tamper-evidentAny change to the content breaks its SHA-256 hash.
Independently verifiableThe public key, signature, and manifest let a third party re-check the chain offline.
Time-anchoredRFC 3161 timestamps prove the artifacts existed at certification time.
Self-containedEverything needed to verify travels with the certificate — no account or login required.
Capture, hash, timestamp, sign workflow

How to verify a certificate.

Anyone can upload a instantproof.legal PDF and have its signature re-checked on this site. No account, no login — just the file.

1
Open the verifierGo to /verify on this site.
2
Upload the certificate PDFPick the signed PDF from the original certificate package.
3
Answer the security checkA short math question keeps automated abuse off the public endpoint.
4
Read the resultThe verifier matches the upload against the original signed manifest and shows ✓ if everything lines up.
Verify a certificate now

Verification result, plain language.

The verifier returns one of three outcomes. No legal opinion — just whether the cryptographic chain holds.

✓ Signature valid
✗ PDF modified
✗ Unknown ID
✗ Signature broken

Need to verify or issue a certificate?

Verify an existing certificate on the public verifier, or sign in to your dashboard to create a new one.

Verify a certificate