Unplanned
Last Updated: 25 Jul 2025 16:19 by Tim
Nuno
Created on: 23 Jun 2022 06:59
Category: PdfProcessing
Type: Feature Request
9
PdfProcessing: Provide API for enabling Long-Term Validation (LTV)
From the Part 4: PAdES Long Term - PAdES-LTV Profile (ETSI TS 102 778-4) Specification: 

"Validation of an electronic signature requires data to validate the signature such as CA certificates, Certificate Revocation List (CRLs) or Certificate status information (OCSP) commonly provided by an online service (referred to in the present document as validation data). If the document is stored and the signatures are to be verifiable long after first created, in particular after the signing certificate has expired, the original validation data may no longer available or there may uncertainty as to what validation data was used when the document was first verified."
2 comments
Tim
Posted on: 25 Jul 2025 16:19

I should elaborate: the PDF is properly signed using a valid x509 issued by a trusted CA. The issue is the timestamp on the signature is not generated by TSA, and the PDFProcessor doesn't seem to support that functionality. 

It appears that it could be added to a 'signature dictionary', however I'm unsure how to do so manually.

Foxit validation:

 

PDF-X:

 

(Please forgive me if I've duplicated this post)

 
Tim
Posted on: 25 Jul 2025 15:53

Hello! I require the ability to generate long-term valid signed certificates. 


- Are you required to use a specific TSA or follow a particular validation policy for your signed PDFs?
Yes, we do require this ability.  We are required to generate digitally signed certificates that allow for validation of the signature and identity, as well as preventing alteration of the PDF.  The current implementation protects against alteration, however the signature is not recognized.  These PDFs must be validated by all modern PDF clients, anywhere in the world.

- Which PDF viewers or validation tools are you using to check the signatures?
Currently we are using: Foxit PDF, Adobe Reader and PDF-XChange.  All three flag the Telerik signature as invalid.


- Is your primary goal to ensure long-term validation (LTV) or compliance with standards such as PAdES?
Our goal is to produce a long-term signed PDF that can be opened by any client and be recognized as a valid signature and no alteration made. PAdES seems to meet or exceed our requirements.