Khatim Timestamp Server = Get Accurate Time

High assurance cryptographic, trusted timestamp server with market-leading performance.
  • Enterprise ready, secure and quick to deploy
  • Compatible with ETSI & IETF advanced digital signature standards
  • Flexible, scalable, trusted timestamp software securing high-value transactions
  • Seamlessly integrates with existing business systems & hardware security modules
  • Generate secure cryptographic timestamps from multiple trusted time sources (NTP servers)

Purpose of Timestamp Server Authority (TSA)

Accuracy - Integrity - Trustworthiness

Proving time is important in high-value transactions and critical for businesses creating digital signatures for long-term preservation. Without cryptographic timestamps, digital signatures can’t be trusted, as they cannot be accepted in the long term. A timestamp server (also called a Timestamp Authority, or TSA for short) provides proof of data existence at a particular point in time using cryptography.

A Timestamp Authority plays a pivotal role in ensuring that all of the cryptographic objects identified during digital signature creation remain valid, be it digital certificates, CRL or OCSP. This is achieved by embedding RFC 3161 based cryptographic timestamps inside business documents or transactions. Digital signature standards from ETSI or IETF now require cryptographic timestamps to be embedded to ensure long-term storage and archiving.

With the emergence of the eIDAS regulation, which allows cross-border digital signature acceptability, cryptographic timestamping has now become a cornerstone of the evolving digital trust landscape.

"Without a trusted TSA, digital signature preservation is simply not possible"

Khatim Timestamp Server - Verticals

What makes Codegic the best TSA software vendor?

Built for Speed

Khatim Timestamp Server (aka KTS) is designed to provide market-leading performance suited to high-volume processing, giving you top speeds that others don’t provide. With a good set of configurations, you can achieve up to 750 TPS or more.


Secured Processing

High trust and assurance are important in any business. In KTS, all functions, from timestamp creation and administration to transaction management, are accomplished with military grade security.

Simplicity is the Key

Complexity creates confusion and is bound to cause operator mistakes. With developer and admin friendly interfaces, KTS can be deployed, integrated & tested in far less time than others offer.

Core Features

Features you get from Khatim Timestamp Authority Server
Support any HSM & CAs

Quickly integrates with your existing HSMs over PKCS#11. Some of these are:


– Entrust nShield
– Thales Luna & Protect Server
– Utimaco Cryptoserver
– Microsoft Azure Key Vault
– AWS HSM etc.


Environments which don’t require HSMs can still use software-based cryptographic keystores. Timestamp certificates can be certified with your existing CAs for quick import and usage.

Standard & Compliant

Supports creation of advanced digital signatures based on IETF and ETSI standards, in the following signature formats:





Works seamlessly with a wide range of business applications to integrate cryptographic timestamping, such as:


– Adobe Acrobat
– Microsoft Office
– jarsigner
– SignTool

Trust Service Provider Friendly

A standout feature of KTS is its ability to let Trust Service Providers create tailored service plans with defined quotas for their clients. These plans can be set as unlimited, limited, or recurring, offering comprehensive reports to track usage and provide clients with daily proof of their usage.

Proactive Alerts & Troubleshooting

In situations where the timestamp server is not working as it should, Khatim Timestamp Server proactively notifies administrators to take immediate action. For traceability, all issues are recorded and can be pushed securely to your central logging systems. Some of these are:


– Splunk
– Grafana
– Graylog
– LogRhythm etc.

Secure Military Grade Access Control

Key functions are only accessible to trusted resources of your organization. Authentication is done over military grade TLS client authentication, giving the most powerful, passwordless authentication. Key functions include administration, timestamp creation and transaction logging via AES 256 encryption.

NTP Aware

Timestamp server can be configured to use:


– System time (synched with a trusted time source)
– NTP (over RFC-1305 or SNTP RFC-2030)
– Checks local clock time drift with NTP


Administrators can directly configure multiple NTP sources based on stratum-2 or stratum-3 to avoid a single point of failure. If time drift exceeds a certain threshold, no timestamp is created and an alert is raised.
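The drift rule above, sketched as an added example (not KTS code): it computes the clock offset from (S)NTP reply timestamps and refuses to issue when too few sources answer or the median offset is out of bounds. The 1-second threshold, the two-source minimum, the median policy and all function names are assumptions; the reply packets are constructed so the example runs offline.

```python
import struct
from statistics import median

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def _to_unix(sec, frac):
    return sec - NTP_UNIX_DELTA + frac / 2**32

def parse_reply(pkt):
    """Return (receive_time, transmit_time) in Unix seconds from an (S)NTP server reply."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = pkt[0] >> 6, pkt[0] & 0x07, pkt[1]
    # leap == 3: server clock unsynchronised; stratum 0: kiss-o'-death (e.g. rate limiting)
    if mode != 4 or leap == 3 or stratum == 0:
        raise ValueError("unusable reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", pkt[32:48])
    return _to_unix(rx_s, rx_f), _to_unix(tx_s, tx_f)

def clock_offset(t1, pkt, t4):
    """Offset of the source relative to the local clock; t1/t4 are local send/receive times."""
    t2, t3 = parse_reply(pkt)
    return ((t2 - t1) + (t3 - t4)) / 2

def may_issue(exchanges, max_drift=1.0, min_sources=2):
    """Fail closed (assumed policy): enough usable sources and median offset within bounds."""
    offsets = []
    for t1, pkt, t4 in exchanges:
        try:
            offsets.append(clock_offset(t1, pkt, t4))
        except ValueError:
            continue  # an unusable source does not count towards min_sources
    return len(offsets) >= min_sources and abs(median(offsets)) <= max_drift

def make_reply(t2, t3, stratum=2, leap=0):
    """Build a constructed 48-byte reply (version 4, mode 4) for offline testing."""
    def ts(t):
        return int(t) + NTP_UNIX_DELTA, int((t - int(t)) * 2**32)
    return struct.pack("!BBbb11I", (leap << 6) | (4 << 3) | 4, stratum, 6, -20,
                       0, 0, 0, 0, 0, 0, 0, *ts(t2), *ts(t3))

if __name__ == "__main__":
    t1 = 1700000000.0  # constructed local send time
    in_sync = (t1, make_reply(t1 + 0.25, t1 + 0.25), t1 + 0.5)
    drifted = (t1, make_reply(t1 + 2.25, t1 + 2.25), t1 + 0.5)  # local clock 2 s behind
    print(may_issue([in_sync, in_sync]), may_issue([drifted, drifted]))
```

Using the median means one misbehaving source cannot by itself block or permit issuance, while a single remaining source is treated as insufficient.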

Cryptographic Agility

Because businesses have different cryptographic needs, KTS supports:


– RSA (2048, 4096, 8192)
– ECDSA (192, 224, 256, 320, 384, 512)
– SHA-256, 384 and 512 hashing algorithms

Admin Friendly

Control your timestamp server administration with shell commands allowing:


– Install new timestamp servers
– Configure keys, certificates, policies
– View transactions, NTP, operator, events logs


Shell commands allow admins to write their own scripts to push configurations in one go, saving time when setting up staging or production environments.

Logging & Auditing

KTS records all incoming transactions & configuration for detailed analysis. Administrators can download and investigate requests/responses on the fly, at any time, for troubleshooting or to check server status.

Unlimited Scalability

KTS can be installed as a cluster of multiple individual timestamp servers to reduce latency. Add timestamp servers at will, without stopping already running instances, giving you the blazing fast throughput you expect.

Serve Multiple Clients

Set up multiple policies to cater for different configurations such as algorithms, time sources etc. This allows serving different business applications that have different timestamp needs.

Cross Platform, Diverse Deployments

KTS is built from the ground up for platform independence and hence supports Windows and Linux alike. You can deploy in the following environments:


– On-premise private or public cloud
– VMs
– Physical machines

How does Khatim Timestamp Server work?

KTS consists of 4 core components:

  • KTS Portal: Access timestamp configs, transactions & statistics
  • KTS Engine: Provides timestamp service to business apps
  • KTS Diagnostic: Performs housekeeping and health checks
  • PKI Insights Storage: Stores configurations and transactional data

The overall processing logic is quite simple:

  • Business applications send timestamp requests containing a document hash (e.g. SHA-256)
  • KTS verifies the incoming request
  • KTS creates a digitally signed timestamp response
  • The time source from where the server gets the time can be:
    • Current machine time
    • Time from external time source over NTP
Khatim Timestamp Server Components
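
The first two processing steps above, sketched as an added example (not KTS code and not a full ASN.1 parser): a client builds an RFC 3161 TimeStampReq over a SHA-256 document hash, and a server-side check rejects requests whose version, hash OID or digest length is not acceptable. The accepted-algorithm policy and all function names are assumptions.

```python
import hashlib, secrets

SHA256_OID = bytes.fromhex("608648016503040201")            # 2.16.840.1.101.3.4.2.1
ALLOWED = {SHA256_OID: 32,                                   # assumed policy: OID -> digest bytes
           bytes.fromhex("608648016503040202"): 48,          # SHA-384
           bytes.fromhex("608648016503040203"): 64}          # SHA-512

def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def build_request(data, nonce=None):
    """TimeStampReq v1 over SHA-256(data) with a nonce and certReq=TRUE."""
    alg = tlv(0x30, tlv(0x06, SHA256_OID) + tlv(0x05, b""))
    imprint = tlv(0x30, alg + tlv(0x04, hashlib.sha256(data).digest()))
    # A fresh nonce lets the client match the response to this request.
    nonce = secrets.randbits(64) if nonce is None else nonce
    nonce_der = tlv(0x02, nonce.to_bytes(nonce.bit_length() // 8 + 1, "big"))
    return tlv(0x30, tlv(0x02, b"\x01") + imprint + nonce_der + tlv(0x01, b"\xff"))

def read(buf, pos=0):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def check_request(req):
    """Server-side checks; return the digest to timestamp or raise ValueError."""
    try:
        tag, body, end = read(req)
        vtag, version, p = read(body)
        itag, imprint, _ = read(body, p)
        atag, alg, q = read(imprint)
        otag, oid, _ = read(alg)
        htag, digest, _ = read(imprint, q)
    except IndexError:
        raise ValueError("truncated DER") from None
    if (tag, vtag, itag, atag, otag, htag) != (0x30, 2, 0x30, 0x30, 6, 4) or end != len(req):
        raise ValueError("not a TimeStampReq")
    if version != b"\x01" or ALLOWED.get(oid) != len(digest):
        raise ValueError("bad version, hash algorithm or digest length")
    return digest
```

Only the hash leaves the client, so the document itself is never disclosed to the timestamp server.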


Supported OS

All flavors of Windows Server & Linux (Centos, Ubuntu, RedHat, Fedora)


English - Other languages can be supported on demand

Minimum H/W Requirement

8 GB RAM, 2 vCPU (2.3 GHz), 10 GB disk space.

Pricing & Maintenance


  • KTS is charged per bundle
  • Each bundle allows you to deploy 2 instances of the timestamp server in high availability mode
  • To add more servers in your existing pool:
    • Add more bundles
    • Buy a single server instance at 50% of the bundle price
  • Test environments or Staging environments are charged 20% of the price
  • Price inclusive of first 12 months of maintenance plan

Maintenance Plan

With active annual software maintenance plan you:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

When you buy a KTS license, you automatically get free 12 months of maintenance. Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended support:

  • Extend for 24 months and save 10%
  • Extend for 36 months and save 15% (best value)

Success Story


“Security is at the heart of our business. We were struggling with our PKI implementation when Codegic came to the rescue. They not only sorted our technical issues but also designed the whole PKI for the infrastructure. Their in-depth PKI knowledge down to the code level helped us in many ways. I highly recommend their PKI technical expertise.”


Hemal Patel, CEO, Ray Pte. Ltd.


What is needed to run a timestamp server?

Deploying a TSA server requires three core components:

  • Timestamp software and efficient hardware on which to deploy it
  • Cryptographic hardware or an HSM to ensure the cryptographic keys used to sign timestamps remain protected
  • For a trusted time source, either dedicated NTP hardware or a setup with some trusted NTP service

Finally, to become a trusted TSP for timestamping there are a few more requirements, mentioned below.

Which off-the-shelf software is supported for timestamping?

Any application which can communicate over the RFC 3161 protocol can be integrated. Some of these are: Adobe Acrobat Reader, Microsoft Office, SignTool etc.

Can I trust any free online timestamp server for my business?

Yes and No.

  • Yes, only if they are certified by a certified authority as a trusted TSP for timestamping.
  • You can’t trust a non-certified timestamping service, as:
    • You can’t be 100% sure about their time source
    • You won’t be able to audit their systems to confirm trustworthiness
    • With no SLA setup, they can stop their timestamp service any time

Can I rely on some free online NTP Server for time?

Yes, but for testing only and not for production use, as there are no guarantees. An online NTP server may stop at any time and has no obligation regarding time precision. As they are public, they also have certain restrictions, such as the number of requests per IP, so bulk NTP requests can get your IP blocked by them.

How can developers integrate with timestamp servers?

Your developers can use any open source API, such as Bouncy Castle, which provides a client-side implementation for timestamping. More details can be found here.

What does it take to be a Trusted Service Provider (TSP) for timestamping?

Becoming a TSP requires a number of ETSI & IETF standards to be followed. These are:

  • ETSI EN 319 401 – General Policy Requirements for Trust Service Providers
  • ETSI EN 319 421 – Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
  • ETSI EN 319 422 – Time-stamping protocol and time-stamp token profiles
  • RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
  • RFC 5816: ESSCertIDv2 Update for RFC 3161
  • As per Regulation (EU) No 910/2014, for a qualified TSA, the signature verification (public) key certificate must be issued by a CA operating under ETSI EN 319 411-2

How many timestamp server instances do I need to deploy?

Start with deploying two instances and add more to achieve the required TPS. You can deploy unlimited number of Khatim timestamp instances.

Do you support languages other than English?

Yes, do let us know the language of your choice and we will set it up for you.

Does KTS create PAdES and XAdES signatures?

KTS complements your existing digital signing solution by creating cryptographic timestamps. Alternatively, check out our one-stop solution, Khatim Sign Server, which lets you sign PDF or XML and communicates with KTS for timestamping as well.

What are the best NTP sources?

Depending on your budget and how much time precision is needed, the options range from expensive to cheap. Some of the options are:

  • Buy NTP hardware (Stratum 1) which syncs with a master clock
  • Sync with a paid NTP service in your region
  • Sync with a free NTP server or deploy a local NTP server synced with a regional free NTP (for test environments) e.g.

Which NTP servers can we integrate with?

For trusted time, Khatim timestamp server can communicate with any RFC-1305 or SNTP (RFC-2030) NTP servers.

How can we boost the performance of KTS?

There are many factors which can boost performance. These include:

  • Opting for ECDSA over RSA keys
  • 2048 bit RSA keys over 4096 bit
  • 384 bit ECDSA key over 521 bit
  • Deploying multiple load balanced servers instead of a single instance
  • Deploying timestamp server near your client with low network latency
  • Using an HSM for key storage instead of software
  • Using a PCI based HSM over network/cloud based HSM

Which technology stack is used for time stamping?

Khatim Timestamp Server uses Java (OpenJDK) with Apache Tomcat to ensure deployment can be done on any platform (Linux, Windows, Mac).

What is the best practice for time synchronization?

This should be done at both the operating system level and the application level. Ensure the following:

  • Your machine OS is synched with a reliable time source e.g. NTP Server
  • Enable time drift monitoring in Khatim Timestamp Server to detect any time drifts between local and NTP

Which CAs and HSMs can KTS integrate with?

Khatim Timestamp Server can integrate with any CA (over PKCS#10) and any HSM (over PKCS#11).

Can alerts be pushed to a central logging system?

Yes, for traceability, alerts can be pushed securely to your central logging systems e.g. Splunk, Grafana, Graylog, LogRhythm etc.

There are already many timestamp servers on the market. Why choose Khatim Timestamp Server?

Choosing the right timestamp server could be difficult. In any case, follow the checklist to choose the right one:

– Does it provide quick installation and simple configuration?
– Does it provide the throughput you expect & scales quickly?
– Does it support RFC 3161, NTP and PKCS#11 interfaces?
– Does it support RSA and ECDSA based encryption?
– Does it raise alerts in case of failures?
– Does the vendor provide quick support?
– Are all operations done securely?
– Does it fit your budget?


Test drive Khatim Timestamp Server and explore its powerful features.

Still not convinced?

All it takes is a few minutes to see timestamping in action!
Super Simple Installation

Admins love KTS because it is quick to install and configure


Provides blazing fast timestamping when configured properly in a load balanced environment

Try for free

Want to see KTS in action? Start now with your 30-day trial