LTV (Long Term Validation) and PDF signatures

[lidds]

I am digitally signing a PDF document with a valid PDF signing token and when I open the document within Adobe I get the following warning warning:

LTV.png

I believe this is something new that Adobe has put in place, see link https://stackoverflow.com/questions/260 ... abled-mean is there a way within PDF Xchange Editor SDK that I can make it so this does not appear?

Thanks

Simon

[Stefan - PDF-XChange]

Hi Simon,

Thanks for the post.
I will need to pass this to our signatures expert, but he is in the Canadian office, so it will take some time for us to check this and follow up.
We will post here as soon as there are some further news on the subject!

Cheers,
Stefan

[lidds]

OK Stefan, look forward to the response.

[Ivan - Tracker Software]

In the Editor, the PAdES-LTV profile is not yet implemented, but we are working on that and hope to have it available very soon.

[lidds]

Thanks for the update Ivan. I don't suppose you have any idea of a release date for this?

Thanks

Simon

[Ivan - Tracker Software]

I cannot say exactly but it should be soon. Most likely in a month or two

[marruz]

Hello PDF-XChange team,
I have just bought your product and it works really well, however I am surprised that LTV is still not implemented. Can you please check what is going on? I read that it was supposed to be implemented in 2017. That has been like 8 years already. Thanks.

[Paul - PDF-XChange]

Hi, marruz

if you use CAdES as the Signing Format:

image(1).png

and use rfc3161.ai.moda as the time stamp server:

image.png

then the resultant PDF should be reported in Adobe as "LTV enabled":

image(2).png

[marruz]

Hello Paul,
thank you for yout help. I found the reason why it did not work. Even though I used CadES setting it did not work. I think the cause was that I used a custom TSA Server setting directly without saving it as a profile. When I saved it as a profile with a simple name, it all started working fine. Hope this helps other too.

[Paul - PDF-XChange]

Hi, marruz

thanks for the feedback. I was unaware of that possibility that a third party time stamp server could be used. I now have a new feather in my cap.

appreciated.

[lyc02]

Hi thanks for updating this thread.

I cannot successfully sign with LTV enabled, with a custom TS (URL: http://ts.ssl.com), even though I saved the time server as a profile, and selected it on the signing page using invisible signature.

I am using the free portable version 10.4.0 build 388. Is LTV signature enabled a function only in paid version? Or am I doing the profile wrong? any hints?

Many thanks.

Bren

[Paul - PDF-XChange]

Hi Bren,

well I learned that I was wrong about the need for the timestamp server. I just spoke to our development team leader about this and he has asked yo to test without using one at all!

If it still fails, please send us one of the problematic signed documents. It doesn't need any content, just be signed using CadES.

[lyc02]

Hi Paul

You are right. Without selecting any Time server, I can sign using a self created certificate stored in windows with LTV enabled. However, when I use another certificate from a trusted authority (on AATL) to sign in the same way, LTV is not enabled.

Noted that there is an expiry date on my trusted certificate. Is that the reason why LTV cannot be enabled? Is a time server mandatory to have LTV with certificate having an expiry?

Thanks again.

Bren

[Stefan - PDF-XChange]

Hello Bren,

Can you please try with a different time server (there should be plenty of free ones) - and see whether timestamps that other server provides are accepted? I am asking so that we can rule out the TS service being the issue.

Kind regards,
Stefan

[lyc02]

Hi Stefan

Thanks for looking into the issue.

I have tried using timestamp servers offered by SSL, freetsa and digicert. None of them has LTV enabled. The only one so far I got was signed without having any timeserver selected.

Regards
Bren

[Daniel - PDF-XChange]

Hello, lyc02

To my knowledge, the Cert from the CA needs to be LTV enabled, but otherwise should not be in any way dependent on the use of a timestamp service.

To investigate this further, we will need sample documents that contain these signatures. Could I ask for a few versions of the attached blank document, signed and saved on your end?

Sign sample.pdf

In this case, reading deeper into your previous statement, there are 4 states which could help us to identify issues occurring on your end.
1. Using a self signed certificate, with Timestamp service enabled.
2. Using a self signed certificate, with Timestamp service Disabled.
3. Using a Certificate Authority certificate, with Timestamp service enabled.
4. Using a Certificate Authority certificate, with Timestamp service Disabled.

While this should be secure, since they do contain your signatures, I will ask that you upload them to this link, instead of here on the forums publicly. https://files.pdf-xchange.com/s/FqHB7WZYHiY8emw
Please let me know once those files are uploaded, so that I can show the Dev team and we can dig a bit deeper into why this may be happening for you.

Kind regards,

[lyc02]

Hello Dan

I have just uploaded 6 PDFs, but I cannot see them on cloud webpage. Please check.

3 using CA certificate
-without time server
-with free time server
-with sslcom time server

3 using self created certificate
-without time server
-with free time server
-with sslcom time server

Many thanks.

Bren

[Stefan - PDF-XChange]

Hello Bren,

Yes - once you upload a file - you do not see it any longer, however we can see those from our end. I see a total of 14 files uploaded, and Dan and I will work on making sure to pass those along to the devs for further investigation!

Kind regards,
Stefan