Long-Term Validation (LTV)

Ensuring signed documents are verifiable years later!

Will your signed documents be verifiable in the future?

Many business applications need signed documents or transactions to be verifiable months or years after signing, often there can be a legal/regulatory requirement to keep documents as evidence for up to 10+ years . Most people assume that a signed document will always be verifiable like ink signatures but there can be several issues when verifying digital signatures at a later date:

Signer’s certificate is revoked (lost tokens, change of job, etc.)

Issuing CA certificate is expired

Signer’s certificate is expired (most certificates have 1 year lifetime)

Underlying crypto algorithms become weak over time

How LTV Signatures help?

To avoid the above risks requires the ability to prove that at the time of signing the signer’s certificate was valid (not revoked or expired). To do this requires proof of the time at which the signature was applied. This is achieved by using a Time Stamp Authority (TSA) to provide trusted time of signing, instead of simply relying on the signer’s claimed time. There is also a need to be able to prove that at the time of signing the signer’s certificate was not revoked – this is where a Validation Authority comes in (based on either OCSP or CRL technology).

SigningHub LTV signatures embed timestamps and OCSP/CRL info into the signature at the time of signing. This is done seamlessly and without user involvement:

With a long-term signature the lifetime is extended up to the lifetime of the TSA certificate. This can be up to 20 years into the future!

Built-in PKI or External PKI

SigningHub comes with a complete built-in PKI including CA, OCSP/CRL and TSA Services. Alternatively SigningHub can rely on any external PKI whether its enterprise, national, public, or global CA.

Built-in PKI or External PKI

SigningHub comes with a complete built-in PKI including CA, OCSP/CRL and TSA Services. Alternatively SigningHub can rely on any external PKI whether its enterprise, national, public, or global CA.

Signature Formats

SigningHub supports the following LTV signature formats:

For PDF documents:

PAdES (including PAdES-X-Long and PAdES-A)

For XML documents:

XAdES (including XAdES-X-Long and XAdES-A)

For any other document format:

CAdES (including CAdES-X-Long and CAdES-A)

For PDF documents:

PAdES (including PAdES-X-Long and PAdES-A)

For XML documents:

XAdES (including XAdES-X-Long and XAdES-A)

For any other document format:

CAdES (including CAdES-X-Long and CAdES-A)

Very Long Term Verification!

Even with a long-term signature there are risks that over time the underlying cryptographic algorithms may become weak or the TSA certificate may expire. In such cases SigningHub supports the embedding of further timestamps protected under stronger algorithms. A chain of timestamps therefore can help protect the document for perpetuity.

Very Long Term Verification!

Even with a long-term signature there are risks that over time the underlying cryptographic algorithms may become weak or the TSA certificate may expire. In such cases SigningHub supports the embedding of further timestamps protected under stronger algorithms. A chain of timestamps therefore can help protect the document for perpetuity.