Guide
Hashing & fingerprints
How DataSeal.net turns your file or text into a fixed-size fingerprint—and why that fingerprint is the foundation of every certificate.
What is a hash?
A hash (or digest) is a short string of characters produced from data of any size. Run the same hashing algorithm on the same bytes and you always get the same result. Change even one bit and the hash changes completely.
Think of it like a tamper-evident seal on the data: the hash is not the file itself, but a unique fingerprint derived from it.
Everyday analogy
Imagine shredding a document and mixing the pieces into one sealed bag whose label is computed from the exact shreds inside. You cannot reconstruct the document from the label—but if someone swaps the contents, the label will not match anymore.
Real hashes use math, not shredding—but the idea of a unique label for exact bytes is the same.
Why SHA-256?
DataSeal.net uses SHA-256, a widely trusted hashing standard. On a certificate you will see a clone-proof fingerprint: 64 lowercase hexadecimal characters (256 bits of output).
- One-way — you cannot reverse the hash to recover the original file.
- Deterministic — identical bytes always produce the same fingerprint.
- Sensitive — any change to the data produces a different hash.
What you will see on a certificate
Your file or text (any size)
│
▼ SHA-256 in your browser or app
Clone-proof fingerprint → e4a7…9f2c (64 hex characters)The certificate stores and displays this fingerprint. It proves which exact data was timestamped—not a similar copy, not a renamed file.
Clone-proof: why duplicates cannot forge your proof
Two people with the same file get the same hash—that is intentional. If someone else has your exact bytes, they can recompute the same fingerprint, but they cannot claim your timestamp unless they also control your proof link and anchor record.
What hashing prevents is subtle tampering: a modified file, a trimmed paragraph, or a re-exported PDF will produce a different fingerprint and will not match your certificate.
How to verify a fingerprint yourself
Anyone with the original data can check a certificate independently:
- Hash your file or text with SHA-256 (same algorithm as the certificate).
- Compare your result to the clone-proof fingerprint on the certificate.
- If they match, you are looking at the same bytes that were timestamped.
On hash-only certificates, DataSeal.net never stores your original payload—only the fingerprint—so this local check is the main way visitors confirm content.
Try it with our free SHA-256 tool (runs entirely in your browser; nothing is uploaded).
Hashing vs the blockchain anchor
Hashing answers: what was timestamped. The blockchain anchor answers: when and where that fingerprint was recorded on-chain.
These are separate steps. Your fingerprint is embedded inside an anchor transaction, but the fingerprint itself is not the Merkle leaf—the transaction is. Read our blockchain guide for why the ledger matters, and the Merkle proofs guide for how block inclusion works.
What hashing does not prove by itself
- It does not prove who created the data—only that a specific blob existed when it was timestamped.
- It does not prove the data landed on the blockchain—you still need the anchor transaction and Merkle proof for that.
- It cannot recover lost originals in hash-only mode if you did not keep a copy of your file.
Glossary
- Hash / digest
- Fixed-size output from a hashing algorithm applied to your data.
- SHA-256
- The 256-bit secure hash algorithm used for DataSeal fingerprints.
- Hex / hexadecimal
- Base-16 encoding; DataSeal fingerprints are 64 hex characters.
- Clone-proof fingerprint
- The SHA-256 hash of your timestamped bytes shown on a certificate.
- Deterministic
- Same input always yields the same hash.
- One-way
- Cannot derive the original data from the hash alone.