I have a problem with LTV signatures. Last Thursday we signed a document (7 signatures, 5 on my computer, 2 on different computers, all certificates from one CA). After each signature I checked the document (on my computer) and everything was OK (every signature was LTV-enabled). A few hours later all the signatures (on my computer) were non-LTV. What is more - we checked the document on 5 different machines - 2 non-LTV, 3 LTV (Acrobat Reader DC everywhere).
I checked the \AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache directory on two computers (one with LTV and one with non-LTV) - no CRL for this CA.
This is a very important document - please help.
Hi barthmaul
We are sorry for the trouble. As described, the LTV signatures become non-LTV.
Please refer to a similar discussion (https://community.adobe.com/t5/acrobat-reader/ltv-enabled-signatures-not-longer-ltv-enabled-after-up...) and see if that helps.
Hi Amal
To be honest, that answer did not help me at all.
My file did not become "non-LTV" after an upgrade. We signed the document in Adobe Acrobat Reader DC 2019.010.20069 and everything was ok (LTV enabled). After two hours all the signatures became non-LTV (on the same PC, same version of DC). The same day we checked on 4 different computers:
1) 2019.021.20058 - non-LTV (2 weeks ago), LTV (today)
2) 2019.021.20058 - LTV
3) 2019.010.20069 - LTV
4) 20.006.20042.43423 - LTV (2 weeks ago), non-LTV (today)
If I understand correctly - Adobe LTV-enabled signature is not the PAdES-E-LTV level signature (ETSI EN 319 142-2). It looks like there is no CRL / OCSP Response embedded in the signature.
Sorry, but in my opinion, this problem makes this solution totally useless - I don't know what will be the validation status for those signatures in the future.
What is more - this problem is 2 years old!!
I will try to prepare some test documents and send them to you.
OCSP has never been embedded in the signature. For LTV, the CRL and OCSP responses are saved in a "security store" dictionary external to the signature. Do you have a Timestamp authority configured? Are you verifying signatures at signature creation time or signature timestamp time? What is the expiration time of the signing certificates?
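Added example, not part of the thread or of any poster's reply: a heuristic Python check for whether a PDF carries the PAdES Document Security Store (`/DSS`) with certificate, CRL and OCSP entries, and whether a document timestamp is present. It reads raw bytes only; the sample input and the helper names (`expand_pdf`, `ltv_material`, `make_sample`) are constructed for illustration.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
REF_RE = re.compile(rb"\d+\s+\d+\s+R")

def expand_pdf(data: bytes) -> bytes:
    """Raw bytes plus every stream that inflates, so dictionaries kept in
    compressed object streams are searchable too."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded (or encrypted); nothing to search
    return b"\n".join(parts)

def ltv_material(data: bytes) -> dict:
    """Heuristic report on validation data stored in the document itself."""
    text = expand_pdf(data)
    report = {"has_dss": re.search(rb"/DSS\b", text) is not None}
    for key in (b"Certs", b"CRLs", b"OCSPs"):
        # Incremental updates can leave older DSS revisions in the file;
        # report the largest array seen for each key.
        arrays = re.findall(rb"/" + key + rb"\s*\[(.*?)\]", text, re.S)
        report[key.decode()] = max((len(REF_RE.findall(a)) for a in arrays), default=0)
    subfilters = re.findall(rb"/SubFilter\s*/([A-Za-z0-9.]+)", text)
    report["subfilters"] = sorted({s.decode() for s in subfilters})
    # A document timestamp is a signature field with SubFilter ETSI.RFC3161
    report["doc_timestamp"] = "ETSI.RFC3161" in report["subfilters"]
    return report

def make_sample(with_dss: bool) -> bytes:
    """Constructed PDF fragment for the demo (not a complete, openable PDF)."""
    sig = b"5 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.detached >>\nendobj\n"
    if not with_dss:
        return b"%PDF-1.7\n" + sig + b"%%EOF\n"
    dss = b"<< /Root 1 0 R /DSS 9 0 R >> << /Certs [10 0 R 11 0 R] /CRLs [12 0 R] /OCSPs [] >>"
    objstm = (b"8 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
              + zlib.compress(dss) + b"\nendstream\nendobj\n")
    return b"%PDF-1.7\n" + sig + objstm + b"%%EOF\n"

if __name__ == "__main__":
    for label, flag in (("with DSS", True), ("without DSS", False)):
        print(label, ltv_material(make_sample(flag)))
```

On a real file, pass `open(path, "rb").read()` to `ltv_material`; encrypted PDFs, or DSS arrays stored as indirect references, will be undercounted by this heuristic.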
By "CRL / OCSP Response embedded in the signature" I mean "in the signed document" not "in the signature field".
There is no timestamp. All the certificates are valid (some of them will expire next week).
And I know the reason for the difference - if the option "verifying signatures using time at which the signature was created" is selected, then the signature is "LTV-enabled". If the option "verifying signatures using secure time (timestamp) embedded in the signature" is selected then the same signature is "non-LTV".
In my opinion this is not exactly OK with the ETSI norm.
But I still don't understand why on my computer (with the "verifying signatures using secure time (timestamp) embedded in the signature" option selected) I had an LTV-enabled signature for the first 2 hours.
(I'm guessing) that's related to the fact that Acrobat caches a lot of CRL and OCSP responses while it is launched, without regard for which signature they apply to. The cache gets cleared when you exit Acrobat (and maybe at other times).
A digital signature showing as "LTV enabled" in the signature panel of Adobe Reader becomes "not LTV enabled" if, in the 'Signature Verification Preferences' dialog that opens (in Edit > Preferences, under Categories, select Signatures. From the Verification box in the Digital Signatures panel, select More...), we deselect the Require certificate revocation checking to succeed... checkbox.
However, the same signature again becomes LTV enabled if we select the Require certificate revocation checking to succeed... checkbox.
Is it a bug in Adobe Reader (latest version),