How to add an LTV enabled signature?

New Here ,
Mar 25, 2019

1. How to add an LTV enabled signature and how to make sure the signature can be LTV?

2. Is a timestamp required when I add the LTV enabled signature?

3. Is it true that if a signature is LTV enabled, it can still validate even after 50 years? What else do I need to do during the 50 years?

TOPICS
Security digital signatures and esignatures

New Here ,
Jun 16, 2020

I would also like to know this!

I think a time stamp server is needed for LTV.


I have LTV in my Adobe Acrobat Pro DC but I have no idea how I got that.


I saw a post elsewhere to include revocation status and a time stamp server, but the revocation status flag seems to have no relation whatsoever with LTV.
https://www.pdfa.org/long-term-validation-of-signatures/
I have tried, but turning this flag on or off makes no difference to LTV.

Explorer ,
Oct 04, 2020

There are two types of LTV signatures in Acrobat Reader DC.
The first type - the full version of the LTV signature - requires a timestamp and the revocation info.
The second type doesn't need a timestamp, but works only with a "special" configuration.
In Edit -> Preferences -> Signature -> Signature Verification Preferences you can set the verification method. If you choose "Verify signatures using time at which the signature was created" then you don't need the timestamp to have an LTV-enabled signature.
How to create an LTV signature:
In Edit -> Preferences -> Signature -> Creation and Appearance Preferences you have to set the "Include signature's revocation status" flag. With this flag you will create the LTV signature (type 2). If you add a timestamp, you will get a full LTV signature.
If your signature is not LTV (but still valid) then you can try to make it LTV-enabled. Just click the RMB on the "rev. Signed by ..." (in the Signature panel) and select "Add verification Information". Save the file and your signature is now LTV-enabled.
If your signature is not valid (meaning the application cannot validate it because of the lack of the CRL/OCSP) then you can still fix it. But you need the archival CRL (it should be issued after the signing time and before the expiration date of the certificate). If you can get this CRL then you have to place it in the ....\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache folder (but you have to change its name - the correct name is the SHA1 hash of the CRL distribution point from the certificate). Then you open the signed document - and voila 🙂 You can even create an LTV-enabled signature then.

I don't know about 50 years, but we have tested the LTV signatures and we were able to validate them even with all the certificates (even the RootCA) in the chain expired. I think the only problem with 50 years is the algorithms.

New Here ,
Nov 16, 2020

Hello, I saw this discussion here and thought that perhaps you could help with a semi-related question. We are using AdobeSign (electronic not digital signatures) and then at the end of the signing process, AdobeSign creates a PDF with a signature page and applies a digital certificate issued by AdobeSign to Adobe. AdobeSign isn't using a trusted timestamp when they affix the digital certificate to this PDF.

If I have Preferences->Verification->Verify signatures using "Time at which the signature was created", then the certification signature displays as "LTV enabled".

If I have Preferences->Verification->Verify Signatures Using "Secure time (timestamp) embedded in the signature.", then I get this message "Signature is not LTV enabled and will expire after 2023/02/23..."

Based on this behavior, can you tell me whether or not the AdobeSign-certification-signature is LTV-enabled?

Thanks.

Explorer ,
Nov 17, 2020

Hello,

Yes - it is an "LTV enabled" signature. Without a timestamp it cannot be a full PAdES-E-LTV signature (ETSI EN 319 142-2). If you set the "Time at which the signature was created" option you will be able to verify your signature "forever". But with the "Secure time (timestamp) embedded in the signature." option you need to have a timestamp to get a correct verification after the expiration date of the certificate.

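The behaviour described in the answers above, written out as a simplified decision model. This is an added example, not part of the original thread and not Acrobat's own logic; the `Sig` record, the function names and the sample signing date are constructed, and only the 2023/02/23 expiry and the two preference strings come from the posts.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# The two Acrobat verification-time preferences quoted in the thread.
SIGNING_TIME = "Time at which the signature was created"
SECURE_TIME = "Secure time (timestamp) embedded in the signature"

@dataclass
class Sig:
    """Hypothetical record of what a validator reads from a signed PDF."""
    claimed_time: datetime         # signer's own clock, not authenticated
    cert_not_after: datetime       # expiry of the signing certificate
    timestamp: Optional[datetime]  # trusted timestamp time, None if absent
    revocation_embedded: bool      # CRL/OCSP data stored inside the file

def archival_crl_usable(crl_issued: datetime, sig: Sig) -> bool:
    """CRL window given in the thread: after signing, before cert expiry."""
    return sig.claimed_time < crl_issued < sig.cert_not_after

def ltv_status(sig: Sig, preference: str) -> str:
    if not sig.revocation_embedded:
        return "not LTV enabled: revocation info is not in the file"
    if sig.timestamp is not None and sig.timestamp <= sig.cert_not_after:
        # Timestamp plus revocation info: the "full" LTV signature.
        return "LTV enabled (full)"
    if preference == SIGNING_TIME:
        # The viewer trusts the claimed time, so revocation info is enough.
        return "LTV enabled (only under this preference)"
    # Secure time is requested but absent: validity ends with the certificate.
    return f"not LTV enabled: expires after {sig.cert_not_after:%Y/%m/%d}"

# Constructed sample shaped like the Adobe Sign case: no timestamp,
# revocation info embedded, certificate expiring 2023/02/23.
SAMPLE = Sig(datetime(2020, 11, 16), datetime(2023, 2, 23), None, True)

if __name__ == "__main__":
    for pref in (SIGNING_TIME, SECURE_TIME):
        print(f"{pref}: {ltv_status(SAMPLE, pref)}")
```

The second branch is the one that survives a change of viewer preference, because it does not rest on the signer's self-reported clock.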