The latest articles on DEV Community by C Grx (@c_grx_aa93914cf1f2e794f37). https://dev.to/c_grx_aa93914cf1f2e794f37 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3796577%2F7dfbde0a-04df-45b0-9723-185e5e92e3f5.png https://dev.to/c_grx_aa93914cf1f2e794f37 en C Grx Fri, 27 Feb 2026 14:49:00 +0000 https://dev.to/c_grx_aa93914cf1f2e794f37/how-to-add-legal-grade-timestamps-to-any-file-in-5-lines-of-python-3ohb https://dev.to/c_grx_aa93914cf1f2e794f37/how-to-add-legal-grade-timestamps-to-any-file-in-5-lines-of-python-3ohb <p>Last year, a client ghosted me after I sent them design files. Two months later, I saw my work on their website. I had no proof I created it first.<br> So I built an API that solves this. One call, and you get a court-admissible proof of existence.<br> The problem<br> You create something. You share it. Someone steals it. How do you prove you made it first?<br> Screenshots? Timestamps on your hard drive? Email to yourself? None of that holds up.<br> The solution: 5 lines of Python<br> pythonimport hashlib, requests</p> <p>with open("my_file.pdf", "rb") as f:<br> file_hash = hashlib.sha256(f.read()).hexdigest()</p> <p>r = requests.post("<a href="https://certify.sbix.io/api/certify" rel="noopener noreferrer">https://certify.sbix.io/api/certify</a>",<br> headers={"Authorization": "Bearer YOUR_API_KEY"},<br> json={"leaves": [file_hash], "leaves_hashed": True})</p> <p>print(r.json())<br> Response in &lt; 3 seconds:<br> json{<br> "proof_id": "proof_a1b2c3d4e5f6g7h8",<br> "eidas_qualified": true,<br> "tsa_type": "eIDAS Qualified",<br> "merkle_root": "e8d5baba90968ce9..."<br> }<br> What just happened?</p> <p>Your file was hashed locally — it never left your machine<br> The hash was timestamped with an eIDAS Qualified RFC-3161 timestamp (legally binding in 27 EU countries)<br> The proof was anchored on the Tezos blockchain — immutable, public, forever<br> A backup was stored on Aleph Cloud — decentralized, no single point of failure</p> <p>You now have a proof that your file existed at that exact moment. If anyone steals your work, you have court-admissible evidence.<br> What you get<br> Every proof includes:</p> <p>PDF certificate with QR code for instant verification<br> RFC-3161 timestamp token (.tsr file)<br> Blockchain anchor on Tezos (verifiable on tzkt.io)<br> Evidence Pack — 8-file ZIP that verifies offline. No internet needed. No account needed.</p> <p>The Evidence Pack includes verify.sh and verify.py scripts. If SBIX disappears tomorrow, your proof still works with standard tools (OpenSSL + sha256sum).<br> Public verification<br> Anyone can verify a proof without an account:<br> bashcurl <a href="https://certify.sbix.io/api/v1/verify/proof_a1b2c3d4e5f6g7h8" rel="noopener noreferrer">https://certify.sbix.io/api/v1/verify/proof_a1b2c3d4e5f6g7h8</a><br> json{<br> "success": true,<br> "data": {<br> "verified": true,<br> "has_eidas": true<br> }<br> }<br> Use cases</p> <p>Freelancers: Certify deliverables before sending to clients<br> Developers: Timestamp your code before open-sourcing<br> Photographers: Prove you took the photo before sharing<br> Legal: Court-admissible evidence in 27 EU countries<br> Anyone: Prove any file existed at a specific date</p> <p>Pricing</p> <p>Free: 5 proofs/month (no credit card)<br> Pro: $29/month — unlimited proofs + Evidence Pack<br> Legal: $49/month — eIDAS Qualified + court-ready bundle</p> <p>API docs: <a href="https://certify.sbix.io/api-reference" rel="noopener noreferrer">https://certify.sbix.io/api-reference</a><br> Try it: <a href="https://certify.sbix.io" rel="noopener noreferrer">https://certify.sbix.io</a><br> Built on EU sovereign infrastructure (AS30077). No US jurisdiction. Your data never leaves Europe.</p> <p>I'm a solo founder building this from Cyprus. Happy to answer any questions in the comments.</p> api python showdev tutorial