Introduction
Long-term validation of signatures in PDF documents is a mechanism to check that the signature and all related certificates are still valid at the time of checking (opening the doc) without making any requests to the signing authorities. That is all required information including OCSP responses, CRLs and timestamp should be present into the document.
Checking long term validation state
So, how can you check if the file you're viewing has LTV enabled signatures? See the image below that demonstrates that:
Pic.1 LTV-enabled signature |
Basically PDF reader makes the check for you and displays the "Signature is LTV enabled" message. It also says that the signature is timestamped and it's very important because it proves that the file was signed at specific time and the clock couldn't be manipulated to produce the signature. Another way to check if the signature is LTV enabled is by examining whether the certificates' revocation info is embedded into the document. To do this, open signature properties window and check certs from the certificate chain one by one, you should see the similar picture:
Pic.2 Checking certificate revocation info status |
Additionally, you can take a look at advanced signature properties to find the timestamping authority details, hash algorithm used and producer info.
Pic.3 Advanced signature properties |