How Long-Term Validation (LTV) can improve your archive
Long-Term Validation (LTV) refers to certifying a document to ensure that a signature is valid at the time of signing. It’s based on the Cryptographic Message Syntax (CMS), the advanced format of the Public Key Infrastructure (PKI). To enable LTV for signatures, you need to know exactly when a PDF was signed, which is established by digital timestamps on the document and its signatures.
LTV is an element of the PDF Advanced Electronic Signatures (PAdES) standard. PAdES is described as “a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for Advanced Electronic Signature”. Where PAdES is a standard for applying and verifying signatures in PDF, CAdES (CMS Advanced Electronic Signatures) is the standard that defines the technical specifications of advanced digital signature technology.
These advancements in signing PDFs are extremely useful because of the number of objects and properties they can support. Currently, the PAdES profile levels supported by Foxit PDF SDK are:
- PAdES B: Basic Signature – PKCS#7 signature (adbe.pkcs7.detached) with an optional timestamp and OCSP revocation as defined by the ISO 32000 PDF 1.7 Standard.
- PAdES BES: Basic Enhanced Signatures – CAdES Signature (ETSI.CAdES.detached) with additional protection and optional signature timestamps.
- PAdES EPES: Explicit Policy Enhanced Signatures – CAdES Signature (ETSI.CAdES.detached) with added signature-policy-identifier attribute.
- PAdES LTV: Long-Term Validation – CAdES Signature (ETSI.CAdES.detached) with added document timestamps, CA certificates and OCSP revocation applied to the PDF at the time of signing. Additional validation data and timestamps can be applied to the signature for long-term validation.
For the purpose of this article, we’re going to look at the fourth of these, Long-Term Validation. Read on as we take a look at the purpose of LTV and how it can help your archiving workflows.
What is the purpose of LTV?
When you sign on paper, you trust that the signature will be valid forever. With digital documents, this should be no different, even with the constant changes in technology. Without LTV, your documents have a limited verification time: unless some additional document-level validation is in place, they will no longer be marked as certified after the CA has expired. Returning to an e-signature service to re-certify your signatures costs time and money, as does reviewing contracts and legal documents to apply the change.
Supporting LTV-enabled signatures helps you deal with a series of archiving, compliance and legal issues when signing contracts, forms and any type of PDF.
Premium digital signature technology allows users to append multiple timestamps and signature validation protocol data to the signatures applied in the PDF. This can be done repeatedly, even as you move to more advanced keys and certificates, which the PDF can store in the signature as well. This means you can validate a signature even when the certificate has expired or been revoked by your certificate authority, and display an advanced chain of signing security history.
How can LTV help my archive?
Long-Term Validation ensures the legal trustworthiness of a signature by storing the exact signing time and using that as the reference point for validation. It makes much more sense than exclusively relying on a certificate authority or a separate compliance clause to define the validity of your contracts and legal documents. Once a change in security is required (such as certification renewal), the LTV-enabled documents can be re-signed and the new signature validated again without the need for an entire compliance review or a new document, saving time for all stakeholders involved and not adding more files to your archive.
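The reference-time idea described above can be shown as a small model. This is an added example, not Foxit PDF SDK code: the names `Cert`, `cert_ok_at` and `signature_valid` are hypothetical, the dates are constructed, and the model covers only the time logic (a real validator also checks the cryptography, the certificate chain and the embedded revocation data).

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Sequence, Tuple

# Hypothetical, simplified model of LTV time logic (assumption, not an SDK API).
def utc(year: int, month: int = 1, day: int = 1) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass
class Cert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None: never revoked

def cert_ok_at(cert: Cert, when: datetime) -> bool:
    """Inside the validity window and not yet revoked at `when`."""
    in_window = cert.not_before <= when <= cert.not_after
    return in_window and (cert.revoked_at is None or when < cert.revoked_at)

def signature_valid(signer: Cert, now: datetime,
                    timestamps: Sequence[Tuple[datetime, Cert]] = ()) -> bool:
    """timestamps: (time, TSA cert) pairs, oldest first.

    Walk from the newest timestamp back. Each timestamp is judged at the
    time of the layer that protects it (the next timestamp, or `now` for
    the newest), then becomes the reference time for the layer beneath it.
    """
    reference = now
    for ts_time, tsa in reversed(list(timestamps)):
        if ts_time > reference:
            return False  # out of order: cannot protect what came later
        if not (cert_ok_at(tsa, ts_time) and cert_ok_at(tsa, reference)):
            return False  # TSA cert lapsed before a newer layer was added
        reference = ts_time
    # With no timestamps the only trustworthy reference is `now`.
    return cert_ok_at(signer, reference)

# Constructed sample data (not taken from any real certificate).
SIGNER = Cert(utc(2015), utc(2017))
TSA_OLD = Cert(utc(2015), utc(2020))
TSA_NEW = Cert(utc(2018), utc(2030))
SIG_TS = (utc(2016, 6, 1), TSA_OLD)   # signature timestamp
DOC_TS = (utc(2019, 6, 1), TSA_NEW)   # later document timestamp
NOW = utc(2024)

if __name__ == "__main__":
    print(signature_valid(SIGNER, NOW))                    # no timestamp
    print(signature_valid(SIGNER, NOW, [SIG_TS]))          # one, TSA expired
    print(signature_valid(SIGNER, NOW, [SIG_TS, DOC_TS]))  # renewed in time
```

The middle case is the one archives tend to miss: a single timestamp only extends validity until the timestamp authority's own certificate expires, which is why the timestamps have to be renewed before that date.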
Using LTV with PDF/A
When you combine LTV and PDF/A (the PDF type especially suited to long-term archiving), you can maintain an archive of signed and verified documents that will remain valid on a long-term basis many years after the signature was applied. This is ideal for a company that utilizes the PDF/A format for its archive and maintains a large volume of signed documents. Foxit PDF SDK’s PDF/A Compliance add-on provides the best technology in the market for converting and verifying PDF/A files.
LTV compliance
For companies that have compliance requirements when it comes to the handling of their documents, particularly for those businesses that use digital contracts, LTV technology is a key asset. Once you have LTV enabled on your signatures, you are better able to meet requirements where a timestamp for the signature must be present at the time of signing and any modifications to the PDF can be detected from that point on. Regulation in the European Union such as eIDAS states that advanced electronic signatures must meet the following requirements:
- It is uniquely linked to the signatory
- It is capable of identifying the signatory
- It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control
- It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
With LTV technology, you can better meet these requirements.
LTV & security
Digital signatures are the best way to ensure that no tampering has been done to your documents while also using a standardized format that can be used anywhere and recognized by public and private organizations and authorities worldwide. LTV brings another layer of security to your workflow by tracing the history of digital signatures through multiple timestamps and validation protocols.
Digital signatures are one of Foxit PDF SDK’s industry-leading areas of expertise, and the work on LTV support has just begun. We are already working on additional functionality in our support for PAdES LTV and CAdES (CMS Advanced Electronic Signatures), such as less dependency on additional libraries for digital signatures, XML data handling, better performance and a seamless experience. We are proud to bring you the most advanced PDF SDK for signing, viewing and rendering signatures in the market.