Zero-knowledge timestamping and document signing with Bitcoin blockchain anchoring.
We only see hashes, never your data. Proofs are anchored to the Bitcoin blockchain via OpenTimestamps.
Prove that a file existed at a specific point in time. Drop any file – it gets hashed locally, submitted to OpenTimestamps calendar servers, and anchored to the Bitcoin blockchain within 24-48 hours. Download a .ots proof file that can be verified independently forever.
Use cases: Research data, intellectual property, contracts, creative works, legal documents.
Multi-party document signing with blockchain proof. Create a signing session, invite signers via email, each party verifies the document hash and signs cryptographically. The final signature package is anchored to Bitcoin.
Sign via email: Send to signers with sign@otrust.eu in CC – one-click signing, no accounts needed.
Use cases: Contracts, agreements, NDAs, board resolutions, consent forms.
- 🔐 Zero Knowledge – Files are hashed locally; only the hash is sent
- ⛓️ Blockchain Anchored – Timestamps verified against Bitcoin blockchain
- ✍️ Multi-Party Signing – Signed service for document signing with blockchain proof
- 🆔 No Accounts – No registration, no tracking, no data collection
- 🔑 Ed25519 Signatures – Cryptographic proof of authorship
- 🌐 Open Source – MIT licensed, self-host friendly
- 🛡️ Security Hardened – CSRF protection, rate limiting, CSP headers
- Timestamp: www.otrust.eu – Drop a file to timestamp it
- Signed: www.otrust.eu/sign – Create a signing session
Install from Chrome Web Store: OTRUST Blockchain Timestamper
# Install globally
npm install -g otrust-core
# Generate a keypair
otrust keygen > ~/.otrust/key.json
# Timestamp a file
otrust claim document.pdf
# Check status
otrust status ot_abc123xyz
# Verify a proof
otrust verify document.pdf document.pdf.ots# Get a challenge
curl https://www.otrust.eu/challenge
# Submit a claim
curl -X POST https://www.otrust.eu/claim \
-H "Content-Type: application/json" \
-d '{"hash":"...","signature":"...","pubkey":"..."}'See API Documentation for full reference.
- Node.js 18+
- MongoDB 6.0+
git clone https://github.com/otrust-eu/core.git
cd core
npm installCreate a .env file:
# Required
MONGODB_URL=mongodb://localhost:27017
MONGODB_DB=otrust
# Server
PORT=8080
# Optional: Email notifications (Resend)
SMTP_HOST=smtp.resend.com
SMTP_PORT=465
SMTP_USER=resend
SMTP_PASS=re_xxx# Development
npm run dev
# Production
npm start# Single container
docker build -t otrust .
docker run -p 8080:8080 -e MONGODB_URL=mongodb://host:27017 otrust
# Full stack with docker-compose (includes MongoDB)
docker-compose up
# With MongoDB admin UI
docker-compose --profile debug up| Variable | Description | Default |
|---|---|---|
MONGODB_URL |
MongoDB connection string | mongodb://localhost:27017 |
MONGODB_DB |
Database name | otrust |
PORT |
Server port | 8080 |
SMTP_HOST |
SMTP server for notifications | - |
SMTP_PORT |
SMTP port | 465 |
SMTP_USER |
SMTP username | - |
SMTP_PASS |
SMTP password | - |
- Hash – Your file is hashed locally (SHA-256)
- Sign – The hash is signed with your Ed25519 private key
- Submit – Only the hash + signature are sent to the server
- Anchor – OpenTimestamps aggregates hashes and anchors to Bitcoin
- Prove – Download the
.otsproof file when confirmed
The server never sees your original file. Verification can be done offline against any Bitcoin node.
┌──────────────┐ hash+sig ┌──────────────┐ merkle ┌──────────────┐
│ Client │ ───────────────▶ │ OTRUST │ ─────────────▶ │ Bitcoin │
│ (browser) │ │ (server) │ │ (blockchain) │
└──────────────┘ └──────────────┘ └──────────────┘
│ │ │
│ file never leaves │ only stores hashes │ immutable
│ your device │ + signatures │ timestamp
otrust-core/
├── src/ # Core application
│ ├── server.js # Express app, routes, middleware
│ ├── crypto.js # Ed25519/secp256k1 signatures
│ ├── db.js # MongoDB connection & queries
│ └── pow.js # Proof-of-work challenges
├── cli/
│ └── otrust.js # CLI tool (npm install -g)
├── web/ # Static frontend
│ ├── index.html # Timestamp – main interface
│ ├── sign.html # Signed – create signing session
│ ├── sign-act.html # Signed – signer action page
│ ├── sign-view.html # Signed – view session status
│ ├── docs.html # Documentation hub
│ ├── api-docs.html # API reference (Swagger UI)
│ ├── about.html # About page
│ ├── install.html # Desktop app installer
│ ├── setup.html # Setup wizard
│ ├── privacy-policy.html # Privacy policy
│ ├── terms.html # Terms of service
│ ├── openapi.json # OpenAPI 3.0 specification
│ └── extension/ # Browser extension (built)
├── test/ # Test suites
│ ├── *.test.js # Jest unit/integration tests
│ ├── e2e/ # Playwright E2E tests
│ └── setup.js # Test configuration
├── scripts/ # Build & maintenance scripts
│ ├── build-extension.js # Build browser extension zip
│ └── sync-docs.js # Validate OpenAPI spec
├── addons/ # Optional integrations
│ ├── browser-extension/ # Chrome/Firefox extension source
│ ├── google-workspace/ # Google Docs/Sheets/Drive addon
│ ├── gpt/ # ChatGPT custom GPT integration
│ ├── telegram-bot/ # Telegram bot (@OTRUSTbot)
│ ├── whatsapp-bot/ # WhatsApp Business API bot
│ └── email-worker/ # Cloudflare Email Worker (email-to-timestamp)
├── docs/ # Documentation
│ ├── CHANGELOG.md # Version history
│ └── SECURITY_AUDIT.md # Security audit report
├── .github/ # GitHub configuration
│ ├── workflows/ # CI/CD pipelines
│ ├── CONTRIBUTING.md # Contribution guidelines
│ ├── SECURITY.md # Security policy
│ └── ISSUE_TEMPLATE/ # Issue templates
├── Dockerfile # Container build
├── docker-compose.yml # Full stack deployment
└── package.json
OTRUST can be accessed through multiple channels:
| Integration | Description | Status |
|---|---|---|
| Web | Main interface at otrust.eu | ✅ Live |
| Email Signing | CC sign@otrust.eu to sign documents |
✅ Live |
| Browser Extension | Chrome/Firefox right-click timestamp | ✅ Chrome Web Store |
| CLI | Command-line tool via npm | ✅ npm i -g otrust-core |
| API | REST API for developers | ✅ Docs |
| Google Workspace | Add-on for Docs, Sheets, Drive | ✅ Available |
| ChatGPT | Custom GPT for AI-assisted timestamping | ✅ Available |
| Telegram Bot | @OTRUSTbot for mobile timestamping | 🔜 Coming soon |
| WhatsApp Bot | Business API integration | 🔜 Coming soon |
MIT © OTRUST
| Command | Description |
|---|---|
npm start |
Start production server |
npm run dev |
Start with hot-reload (watch mode) |
npm test |
Run all Jest tests |
npm run test:unit |
Run unit tests only |
npm run test:integration |
Run API integration tests |
npm run test:coverage |
Run tests with coverage report |
npm run test:e2e |
Run Playwright E2E tests |
npm run test:all |
Run all tests (Jest + Playwright) |
npm run build:extension |
Build browser extension zip |
Contributions are welcome! Please read our Contributing Guide first.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Found a security issue? Please report it privately via GitHub Security Advisories or email security@otrust.eu.
See our Security Policy for details.
Bitcoin donations: bc1q3pvu7q26hk5daks9jy3r4jakw5yx3hd7kvjxj2