Integrity proof for recordings

An integrity proof helps you show that an original recording existed at a specific time and has not changed since.

What it is

When this feature is enabled for your account, Nodl creates a tamper-evident archive for new recordings. The archive contains the original recording and a small certificate file with the details needed to check it later.

How it works

  1. Nodl calculates a digital fingerprint of the original recording. Even a tiny change would create a different fingerprint.

  2. Nodl sends only that fingerprint to an independent trusted timestamp service. The recording itself stays in Nodl.

  3. The timestamp service signs the fingerprint and returns a proof that is saved with your recording.

What the archive contains

The ZIP archive contains the original recording and an integrity certificate in JSON format. The certificate lists the fingerprint, timestamp service, signed proof, and whether the bundled recording still matches the stored fingerprint.

How it can be checked

You can verify the proof independently of Nodl, using the audio file and the JSON certificate from the integrity archive. The steps below are for technically minded reviewers.

Technical verification step by step

The integrity archive (ZIP) contains the original audio file and integrity-certificate.json. Together they support two checks: whether the file is unchanged and whether an independent service confirmed the fingerprint at a specific point in time.

For technically minded users

This guide is for people with a technical background who want to verify the proof themselves and present evidence to third parties.

  1. Extract the archive

    Unzip the archive. You will find the original audio file (see original_filename) and integrity-certificate.json.

  2. Verify the audio fingerprint

    Calculate SHA-256 over the audio file and compare the result with integrity_hash_sha256 in the certificate. If they match, the file is unchanged. Nodl already performs this check when creating the export and records the result in integrity_hash_matches_exported_file, which should be true. If it is false, the bundled file does not match the stored fingerprint.

  3. Extract the timestamp proof

    integrity_tsa_proof_blob contains the RFC 3161 timestamp as Base64 text. Decode it into a .tsr file to inspect or cryptographically verify the proof.

  4. Verify the timestamp cryptographically

    With OpenSSL you can display the timestamp and verify it against the certificate chain of the service named in integrity_tsa_authority. Download the required CA files from that timestamp provider (for example freetsa.org).

Important fields in integrity-certificate.json

original_filename
    Filename of the bundled original audio file in the archive.

integrity_hash_sha256
    SHA-256 fingerprint of the original file, for direct comparison with your own calculation.

integrity_hash_algorithm
    Hash algorithm used (currently sha256).

integrity_tsa_timestamp
    Time of the trusted timestamp, in UTC.

integrity_tsa_authority
    Hostname of the independent timestamp service.

integrity_tsa_proof_blob
    Base64-encoded RFC 3161 timestamp proof.

integrity_hash_matches_exported_file
    true if the bundled audio matches the stored fingerprint; false if it differs.

Example commands

Replace original-call.mp3 with the actual filename from your archive. Cryptographic timestamp verification requires CA certificates from the named timestamp provider.

# 1) Calculate the audio fingerprint
shasum -a 256 original-call.mp3

# 2) Compare with integrity_hash_sha256 from the certificate
jq -r '.integrity_hash_sha256' integrity-certificate.json

# 3) Extract the timestamp proof from the certificate
jq -r '.integrity_tsa_proof_blob' integrity-certificate.json | base64 --decode > proof.tsr

# 4) Display the proof
openssl ts -reply -in proof.tsr -text

# 5) Verify the timestamp cryptographically (CA files from the provider)
openssl ts -verify -data original-call.mp3 -in proof.tsr -CAfile tsa-root.pem -untrusted tsa-intermediates.pem
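
The Python script below is an added example, not part of Nodl's documentation or tooling. It automates steps 1 to 3 for an extracted archive, recomputes the hash instead of trusting integrity_hash_matches_exported_file, and adds a pre-check that the decoded proof contains the file's digest. The function names and the sample bundle (including its proof bytes, which are not a real TSA reply) are constructed for illustration.

```python
import base64, hashlib, json, tempfile
from pathlib import Path

def check_bundle(bundle_dir):
    """Steps 1-3 of the guide. Returns a list of problems; empty means passed."""
    bundle = Path(bundle_dir)
    cert = json.loads((bundle / "integrity-certificate.json").read_text(encoding="utf-8"))
    if cert.get("integrity_hash_algorithm") != "sha256":
        return ["unsupported integrity_hash_algorithm"]
    # original_filename is untrusted input: keep only its final path component.
    audio = bundle / Path(str(cert.get("original_filename", ""))).name
    if not audio.is_file():
        return ["original audio file not found in bundle"]
    digest = hashlib.sha256()
    with open(audio, "rb") as f:  # stream the file; recordings can be large
        for block in iter(lambda: f.read(1 << 20), b""):
            digest.update(block)
    claimed = str(cert.get("integrity_hash_sha256", "")).strip().lower()
    matches = digest.hexdigest() == claimed
    problems = [] if matches else ["audio does not match integrity_hash_sha256"]
    # The flag is self-reported by the export; compare it with our own result.
    if cert.get("integrity_hash_matches_exported_file") is not matches:
        problems.append("integrity_hash_matches_exported_file disagrees with recomputed hash")
    blob = "".join(str(cert.get("integrity_tsa_proof_blob", "")).split())
    try:
        proof = base64.b64decode(blob, validate=True)
    except ValueError:
        return problems + ["integrity_tsa_proof_blob is not valid Base64"]
    (bundle / "proof.tsr").write_bytes(proof)  # input for `openssl ts -verify`
    # Pre-check only: an RFC 3161 token embeds the raw digest (messageImprint).
    if digest.digest() not in proof:
        problems.append("timestamp proof does not contain this file's digest")
    return problems

def make_constructed_bundle(directory, tamper=False):
    """Constructed sample data; the proof bytes are NOT a real TSA reply."""
    audio = b"constructed sample audio bytes"
    digest = hashlib.sha256(audio)
    cert = {"original_filename": "original-call.mp3",
            "integrity_hash_sha256": digest.hexdigest(),
            "integrity_hash_algorithm": "sha256",
            "integrity_tsa_proof_blob": base64.b64encode(b"constructed:" + digest.digest()).decode(),
            "integrity_hash_matches_exported_file": True}
    Path(directory, "original-call.mp3").write_bytes(audio + (b"!" if tamper else b""))
    Path(directory, "integrity-certificate.json").write_text(json.dumps(cert), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_constructed_bundle(d, tamper=True)  # one byte appended to the audio
        print(check_bundle(d))
```

An empty result means the file, the certificate and the proof are consistent with each other. The TSA signature itself is only checked by the openssl ts -verify command above, using CA files from the timestamp provider.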

Good to know

This is a technical integrity proof, not legal advice and not a guarantee for any specific dispute.