Many business applications need signed documents or transactions to be verifiable months or years after signing. Most people assume that a signed document will have this property but there can be several issues when verifying signatures at a later date:
Signer’s certificate is revoked (lost tokens, change of job, etc.)
Issuing CA certificate is expired
Signer’s certificate is expired (most certificates have 1 year lifetime)
Underlying crypto algorithms become weak over time
To avoid the above risks requires the ability to prove that at the time of signing the signer’s certificate was valid (not revoked or expired). To do this requires proof of the time at which the signature was applied. This is achieved by using a Time Stamp Authority (TSA) to provide trusted time of signing, instead of simply relying on the signer’s claimed time. There is also a need to be able to prove that at the time of signing the signer’s certificate was not revoked – this is where a Validation Authority comes in (based on either OCSP or CRL technology).
SigningHub LTV signatures embed timestamps and OCSP/CRL info into the signature at the time of signing. This is done seamlessly and without user involvement:
With a long-term signature the lifetime is extended up to the lifetime of the TSA certificate. This can be up to 20 years into the future!
SigningHub supports the following LTV signature formats:
Even with a long-term signature there are risks that over time the underlying cryptographic algorithms may become weak or the TSA certificate may expire. In such cases SigningHub supports the embedding of further timestamps protected under stronger algorithms. A chain of timestamps therefore can help protect the document for perpetuity.