OneSpan Sign Developers: Enable Long-Term Validation using Adobe Reader

Duo Liang, November 18, 2020
OneSpan-BlogImage-Enable_Long-Term_Validation_using_Adobe_Reader.jpg

How do I know if a digital signature signed 20 years ago is still trustworthy? What guarantees the validity of a certificate if it becomes expired or revoked?

The answer to these questions is Long-term Validation (LTV). By capturing and embedding the state of your certificate and its chain of trust at the time of signing, the verification information remains in the signed document and ensures it’s still verifiable years later, even after your original certificate has expired.

In this blog, we will demonstrate how to verify if signed documents are LTV enabled and how to manually enable LTV using Adobe if not. Without further delay, let’s get started!   

Verify LTV-enabled Signatures 

When open a signed document in OneSpan Sign using Acrobat Reader or any other viewer that support digital signature validation, it validates the certificate used for the digital seal. For an LTV-enabled signature, as the sign-time is captured inside the PDF document, Acrobat Reader is capable to base its verification on that time.

In this case, if we will download a signed document from OneSpan Sign system and open it with Adobe reader, then:

1) Click either the “Signature Panel” button at the top of the screen, or the signature icon on the sidebar.

11-18-01

2) Adobe will automatically detect if the signature has been long-term validated. If so, the line "Signature is LTV enabled" will appear in the Signature property description. 

11-18-02

Below screenshot resembles what if the signature is not LTV-enabled, in which case if the certificate hasn’t expired, you can manually add the signature revocation information by following the next section.

11-18-03

Add Verification Information with Adobe

If a signed signature shows that it is not LTV-enabled, it could be, because the revocation information was not available or was not required at the moment of signing. A user can manually add the signature revocation information after signing using Adobe Reader or Adobe Acrobat by following the steps described below.

1)    Right click the signature name (Signed by …) to open up the context menu if the signature status shows that it is not LTV-enabled.

11-18-04

2)    Select “Add Verification Information” menu item to add the revocation information.

11-18-05

3)    Adobe Reader should display a successful message. The signature status panel will be closed automatically.

11-18-06

4) Click the “Validate All” button. This action will validate the signature once again. 

11-18-07

5) The signature is now LTV-enabled. 

11-18-08

6) Save the PDF file to retain this information.

Note: Also refer to the “Establish long-term signature validation” section in Adobe’s official documentation.

Through today’s blog, you should have a brief knowledge of LTV, learn how to verify it using Adobe, and manually add verification information if the certificate hasn’t expired.

If you have any questions regarding this blog or anything else concerning the integration of OneSpan Sign into your application, visit the Developer Community Forums. Your feedback matters to us!

OneSpan Developer Community

OneSpan Developer Community

Join the OneSpan Developer Community! Forums, blogs, documentation, SDK downloads, and more.

Join Today