nexart.iodocs

    Hash-Only Timestamping

    A receipt mode that signs only the certificateHash, proving existence at a specific time.

    What is Hash-Only Timestamping?

    Hash-only timestamping signs the certificateHash of a CER. The node does not attest the snapshot contents. The receipt proves that the hash existed at a specific time. It does not prove what the hash represents or that the underlying execution data is complete.

    This mode is distinct from full signed receipts and from redacted reseals. It provides the narrowest form of attestation in NexArt.

    How It Works

    1. A CER bundle is created with bundleType: "hash-only-timestamp"
    2. The certificateHash is present in the bundle
    3. The snapshot may be null, missing, or incomplete
    4. The node signs a receipt binding the hash and timestamp. It does not recompute or verify snapshot contents.

    Example

    Hash-Only Timestamp CER
    {
  "bundleType": "hash-only-timestamp",
  "version": "0.1",
  "createdAt": "2026-03-06T12:00:00.000Z",
  "snapshot": null,
  "certificateHash": "sha256:9e8d7c6b5a4f..."
}

    When Is It Used?

    Hash-only timestamping is not a common default. It applies in specific scenarios:

    • Legacy records. Records where full execution snapshots were never captured.
    • Migration. Systems migrating to NexArt that only have hash references from a prior system.
    • Proof-of-existence. Workflows where the goal is to prove a hash existed at a specific time, without attesting the underlying content.

    Verification

    Hash-only timestamp records verify as VERIFIED when all applicable checks pass. Per the CER Protocol:

    • Bundle Integrity - PASS. The bundle structure and certificateHash are consistent.
    • Node Signature - PASS. The receipt signature is valid against the node's public key.
    • Receipt Consistency - PASS. The receipt references the correct certificateHash.

    The attestation scope is narrower than a full signed receipt (snapshot contents are not attested), but the verification status is VERIFIED because all applicable checks pass.

    Compared to Full Signed Receipts

    A full signed receipt (bundleType: "signed-receipt") attests the entire CER bundle, including the snapshot. Hash-only timestamps attest only the hash reference.

    Both verify as VERIFIED when all applicable checks pass. The difference is in attestation scope, not verification status.