Using your anchor
After the Anchor page downloads your receipt, the timestamp authority's signature is embedded in the file. No server needs to be online to verify it later. Here is what to do with it.
After you download
- Save it with the document. Keep
anchors.jsonin the same folder as the file it describes. A naming convention that works:{filename}-anchors.json. If the document moves, move the receipt with it. - Email it to stakeholders. The file is self-contained and typically under 10 KB. Anyone who receives it can verify the timestamp independently using this Verify page or
openssl ts -verify. The receipt proves the hash existed before the timestamp; you decide separately whether to share the original file. - Embed the hash in Git. Record the hex digest in a commit message or git note:
sha256:<hex> filename. Store theanchors.jsonreceipt alongside the file in the repo. The combination of git commit timestamp plus TSA timestamp gives two independent witnesses to the same hash. - Attach to a DMS or cloud drive. Upload both the document and
anchors.jsonto SharePoint, Google Drive, Dropbox, or S3 as a pair. Use a consistent naming convention and, where the system supports it, add a custom metadata field for theanchored_hashvalue so you can search across receipts later.
OpenChainGraph workflows
If you ran an OpenChainGraph decision tool, your artifact already carries an
execution_hash. Drop the artifact on the Anchor
page and it reads that hash directly without re-hashing the file.
The result is the artifact re-emitted with anchor_bindings appended per
OCG v0.7 section 20. The execution_hash and all other fields are untouched;
the anchor sits outside the hash scope, so the artifact's integrity proof is unchanged.
To wire anchoring into a multi-step OCG workflow, the anchor_document_integrity
MCP tool at mcp.ainumbers.co/mcp accepts an
artifact hash and returns an anchor receipt that chains into downstream nodes.
Integration targets
Bitcoin via OpenTimestamps
OpenTimestamps is built into the Anchor page. Selecting it sends the hash to the OTS
calendar network, which batches hashes into a single Bitcoin transaction every few hours.
The .ots proof anchors your hash to Bitcoin without a fee or a wallet.
After a few hours the proof upgrades from pending to confirmed; re-import it on the
Library page to see the confirmed status.
Ethereum
Emit a log event from a smart contract: emit Anchored(bytes32 hash, uint256 timestamp).
The hash in the event log matches your anchored_hash exactly and is
permanently indexed on-chain. For a no-code option, send a 0-ETH self-transfer with the
hex digest in the transaction's calldata; most block explorers surface calldata in the
transaction detail view.
Solana
Use the Solana Memo program (MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr).
Attach the hash as a memo instruction in a Solana transaction; it appears in transaction
logs and is indexed by most RPC providers. Cost: approximately 0.000005 SOL per transaction.
IPFS and Filecoin
Add your document to IPFS (ipfs add --only-hash gives you the CIDv1 without
uploading). Pin the anchors.json receipt alongside.
The CID is content-addressed (SHA-256 in CIDv1) and complements the TSA timestamp with
persistent, location-independent addressability. Store both CIDs in a Filecoin deal or a
simple JSON manifest.
Enterprise systems
-
SAP DMS / GOS. Attach
anchors.jsonas a linked document to the object (contract, invoice) via transactionCV01Nor the Generic Object Services attachment API. Add theanchored_hashto a custom Z-field for searchability. -
Salesforce. Use the Salesforce Files API to upload
anchors.jsonas a ContentVersion linked to the record. A Flow or Apex trigger can copy theanchored_hashto a custom field for reporting and SOQL queries. -
SharePoint. Upload both files to the same document library. Add a custom
site column "AnchorHash" (single-line text) and populate it via Power Automate from the
anchored_hashfield in the receipt.
CI/CD pipelines
-
GitHub Actions. After your build step, hash the artifact
(
sha256sum) and call the Sigstore TSA relay endpoint directly from a workflow step. Attach the resultinganchors.jsonas a workflow artifact or include it in a GitHub Release. The hash in the CI log plus the TSA receipt proves the binary at that git SHA existed before the timestamp, which is useful for SLSA provenance. -
GitLab CI. Use
curlto post to the relay endpoint in anafter_scriptblock. Store the receipt viaartifacts: paths: [anchors.json]and set an expiry appropriate for your retention policy.
Hyperledger Fabric
Submit a transaction to a channel with the anchored_hash in the transaction
payload. The ordering service provides a block timestamp; combining that block timestamp
with the TSA receipt gives a multi-anchor proof from two independent sources.
Cloud object storage
Store anchors.json as a sibling object alongside the document:
s3://bucket/key-anchors.json or the equivalent in Azure Blob or GCS.
Set an object tag anchored-hash: sha256:<hex> for queryability.
Enable object-level WORM retention (S3 Object Lock, Azure Immutable Storage) on both
objects for tamper-evident archival.
The receipt is yours. Post Oak Labs has no copy of your hash and no visibility into where you store it. The timestamp authorities named in the receipt are the issuers of the evidence. Read the verification recipe.