SBIX Certify

🚀 Getting Started

What is SBIX Certify?

SBIX Certify is a cryptographic proof-of-existence platform that creates immutable, triple-anchored evidence for any digital data. Each proof combines an eIDAS Qualified Timestamp (court-admissible in 27 EU states), Tezos Mainnet blockchain anchoring, and Aleph Cloud decentralized storage.

Quick Start in 3 Steps

1

Upload your file or send a hash

Use the web interface (drag & drop) or the API (JSON with hashes). Your file is never stored — only its cryptographic hash.

2

Get your proof

Receive a proof ID with triple anchoring: eIDAS Qualified Timestamp, Tezos blockchain, and Aleph Cloud/IPFS. Download a PDF certificate or full Evidence Pack.

3

Share & verify

Share the public verification link. Anyone can verify independently — no SBIX account required.

⚙️ How It Works

The Certification Pipeline

📤

Input

Hash or file upload

→

🔐

SHA-256

Cryptographic hash

→

🌳

Merkle Tree

N items → 1 root

→

🇪🇺

eIDAS TSA

Qualified timestamp

→

✍️

HMAC

Integrity signature

→

⛓️

Blockchain

Tezos + Aleph

🔐 SHA-256 Hash

A unique 256-bit fingerprint of your data. Even a single bit change produces a completely different hash. This ensures any modification is instantly detectable.

e3b0c44298fc1c14...

🌳 Merkle Tree

A binary hash tree that compresses N items into a single root hash. Whether you certify 1 or 10,000 items in one call, only one root is timestamped — efficient and verifiable.

🇪🇺 eIDAS Qualified Timestamp

An RFC-3161 timestamp from QTSA.eu (AlfaTrust Certification S.A.), a Qualified Trust Service Provider on the EU Trusted List. Court-admissible in all 27 EU member states under Article 41 of the eIDAS Regulation.

✍️ HMAC-SHA256 Signature

A keyed hash-based message authentication code binding the proof ID, Merkle root, and timestamp together. Ensures the proof was issued by SBIX Certify and has not been tampered with.

🔷 Tezos Mainnet

An energy-efficient proof-of-stake blockchain. Your proof's Merkle root is permanently anchored on-chain, providing immutable, publicly verifiable proof of existence.

🟣 Aleph Cloud / IPFS

A decentralized storage and computing network. Provides redundant anchoring across multiple nodes, ensuring your proof survives even if one network experiences issues.

✨ What Every Proof Includes

Every SBIX Certify proof includes all three anchoring layers — no feature gating, no tiers.

Feature	Included
SHA-256 Cryptographic Hash	✅
Merkle Tree (up to 10,000 items/call)	✅
HMAC-SHA256 Integrity Signature	✅
🇪🇺 eIDAS Qualified Timestamp (QTSA.eu)	✅
⚖️ Court-Admissible in 27 EU States	✅
Tezos Mainnet Anchoring	✅
Aleph Cloud / IPFS Anchoring	✅
PDF Certificate with QR Code	✅
📦 Evidence Pack (8-file ZIP)	✅
🔍 Public Verification Portal	✅
🔌 REST API Access	✅
Case Reference & Requester Identity	✅
Offline Verification Scripts (Bash + Python)	✅

Plans

Plan	Events/Month	Support
Scale — €5,000/mo	100,000	Email + dedicated contact
Institutional — €12,000/mo	500,000	Priority + SLA
Enterprise — Custom	Unlimited	White-glove + on-call

POC available: 30-day free pilot with full functionality. Contact us →

🔌 API Reference

✓ API v6.2 — Production Live

The SBIX Certify REST API allows you to integrate cryptographic certification directly into your applications and workflows.

📖 Full API Documentation →

Quick Start

Certify a hash

curl -X POST https://certify.sbix.io/api/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"leaves":["your_sha256_hash"], "leaves_hashed": true}'

Available Endpoints

POST /api/certify — Create a proof (main endpoint)
GET /api/proof/{proof_id} — Retrieve proof details
GET /api/v1/certificates/{proof_id}/evidence-pack — Download Evidence Pack (8-file ZIP)
GET /api/export/proof/{proof_id}.json — Download proof JSON
GET /api/v1/verify/{proof_id} — Public verification (JSON)
GET /verify/{proof_id} — Public verification (no auth)

Response Example

POST /api/certify — 201 Created

{
  "message": "Proof successfully generated",
  "proof_id": "proof_9cec4ed9a95e4ed8",
  "merkle_root": "6e8f29ea62064465c81ff09660995334...",
  "timestamp": "2026-02-01T13:24:55.348703Z",
  "tsa_type": "eIDAS Qualified",
  "eidas_qualified": true
}

🔍 Verification Guide

How to Verify a Proof

1

Open the verification link

Visit certify.sbix.io/verify/{proof_id} — the direct link is on every PDF certificate and in every API response.

2

Review the proof details

The page shows the hash, Merkle root, TSA timestamp, and all blockchain anchors with explorer links.

3

Verify independently (optional)

Use the Evidence Pack scripts (verify.sh or verify.py) to verify everything offline without contacting SBIX.

What Gets Verified?

✅ SHA-256 hash integrity
✅ Merkle tree root recomputation
✅ HMAC-SHA256 signature integrity
✅ RFC-3161 TSA token (eIDAS Qualified)
✅ Tezos Mainnet blockchain anchor
✅ Aleph Cloud / IPFS network anchor

Independent Verification

You can independently verify every layer without SBIX:

TSA Token: openssl ts -verify -in timestamp.tsr -data proof.json
File Integrity: sha256sum -c sha256sums.txt
Tezos: tzkt.io — Search for the transaction hash
Aleph Cloud: explorer.aleph.cloud — Search for the message hash

❓ FAQ

No. Your file is never stored. We only compute and store the cryptographic hash (a 64-character string). The original file is discarded immediately after processing. Your data remains 100% private.

Yes, in the EU. Every SBIX proof includes an eIDAS Qualified Timestamp issued by a Qualified Trust Service Provider (QTSA.eu / AlfaTrust Certification S.A.) on the EU Trusted List. Under Article 41 of the eIDAS Regulation (EU 910/2014), qualified timestamps enjoy the legal presumption of accuracy of the date and time they indicate. This means the burden of proof is on the challenging party — your timestamp is presumed accurate by default in all 27 EU member states.

Any data. Via the web interface: any file up to 50MB (PDFs, images, documents, videos, code, archives). Via the API: any SHA-256 hash or text string, up to 10,000 items per call.

Forever. Once anchored on the blockchain, your proof is permanent and immutable. The TSA token, Tezos transaction, and Aleph Cloud record are all independently verifiable for as long as those networks exist.

Even the smallest modification (a single bit) will produce a completely different hash. The proof only covers the exact version that was certified. If you modify your file, you'll need a new proof.

Each layer serves a different purpose. The eIDAS Qualified Timestamp provides legal standing in EU courts. Tezos Mainnet provides immutable public proof. Aleph Cloud/IPFS provides decentralized redundancy. If any single layer is ever questioned, the other two provide independent corroboration.

The proof and timestamp are generated instantly (under 3 seconds). Blockchain anchoring completes asynchronously, typically within 30–60 seconds for both Tezos and Aleph Cloud.

Yes, safely. Since we only store the hash (not the file), your document's contents remain completely private. The hash cannot be reversed to reveal your document. Perfect for NDAs, contracts, trade secrets, IP evidence, and audit trails.

A self-contained ZIP archive with 8 files: the PDF certificate, proof.json, RFC-3161 TSA token (.tsr), blockchain anchors, verification instructions, Bash and Python verification scripts, and SHA-256 checksums. Everything needed to verify the proof independently, offline, without contacting SBIX.

Yes. The verification portal is completely public — no account, no API key, no authentication. You can also verify every component independently using standard tools (OpenSSL, sha256sum, any Tezos explorer). Zero vendor lock-in.

💬 Need Help?

Can't find what you're looking for? We're here to help.

📧 support@sbix.io 🏢 contact@sbix.io

📚 Documentation