With Sign Live! CC are electronic signatures according to international ETSI - Default (PAdES) and can therefore also be checked by other applications that support this standard. This also includes Adobe Acrobat Reader.

In spite of this, signatures based on certificates from German trust service providers and with Sign Live! C.C, are sometimes not displayed as valid by Adobe Acrobat Reader. This has various causes for which Adobe and the respective trust service provider are responsible:

• Deutsche Telekom AG (telesec)
  The older Telese signature cards use the ECDSAAlgorithm with brain pool curves. These are not supported by Adobe Acrobat Reader and can therefore not be checked. Telesec signature cards, the issued after February 01, 2021 were based on a different algorithm which is recognized by Adobe Reader. An update of the Adobe Reader may be necessary.
   
• DGN German Health Network Service GmbH
  The one from the DGN generated for verification OCSP-Response is signed by a different root certificate than the end-user certificates used. This is after eIDAS VO as permitted, but only to a limited extent with the ETSI-Standards compatible. Adobe Acrobat Reader does not support this method, which is why revocation checks cannot be carried out successfully here.
  An update from Adobe Reader can possibly help here.

If you need more detailed information on the verification of signatures in Adobe Acrobat Reader, please contact Adobe Systems GmbH or your trusted service provider.

Status: April 2021
Generated: October 2017

In collaboration with the DATEV became the product Sign Live! CC DATEV-Edition developed. You can find important information under the following links:

Learn how to digitally seal and sign an audit report as well as further links to the DATEV Marketplace:
https://www.datev.de/web/de/top-themen/wirtschaftspruefer/weitere-themen/pruefungsberichte-digital-signieren/

Post in DATEVmagazine, issue 12/2018 for DATEV-Wizards for qualified signature:
https://www.datev-magazin.de/2018-12/produkte-services-2018-12/so-signieren-sie-dokumente-digital/
 
Practical information from WPK on the subject Electronic examination notes and reports:
https://www.wpk.de/mitglieder/praxishinweise/elektronische-pruefungsvermerke-und-berichte/

In the service video "Qualified digital signature of reports“The complete signature process is described in detail.
https://www.datev.de/web/de/service/self-service/servicevideo/berichte-qualifiziert-digital-signieren/

In addition to the signature software, you also need a signature card and a card reader. You can get the signature card at the D-TRUST (Federal Printing Office) under https://www.bundesdruckerei.de/de/bestellen acquire. We recommend as a card reader PURE SCT RFID comfort.

To ensure that the signature from the DATEV-Environment it is imperative that the Sign Live! CC DATEV-Edition installed. Access to this version is set up individually.

The Order process of the Sign Live! CC DATEV-Edition you can under https://www.intarsys.de/DATEV-Edition-purchase trigger.

Created: 17.08.2018/XNUMX/XNUMX
Updated: 05.06.2019/XNUMX/XNUMX

For the signature from the DATEV-Environment must compellingly the Sign Live! CC DATEV-Edition be installed. Otherwise, the proper execution of a signature from the DATEVEnvironment cannot be guaranteed. The Sign Live! CC DATEV-Edition is available for download in a protected area on our homepage. The required access rights are set up individually. You will receive the information about this together with the license you have purchased.
You will be informed about the setup of the user data by email. If necessary, please also check your spam folder.

If you have not been granted access, please send an appropriate email to support@intarsys.de.

Created: 30.04.2020/XNUMX/XNUMX
Updated: 30.04.2020/XNUMX/XNUMX

PDF-Documents can be signed invisibly or visibly. With the visible signature, the standard representation is mostly used, in which various data from the signature certificate are displayed in the defined signature field.
When displaying the signature individually, the signature date can be entered as a variable. The alternatives available are:

• system.millis: d = full notation (2021_04_14-09_12_52_610)
• system.millis: ds = short form (14.04.21/09/12 XNUMX:XNUMX)
• system.millis: dm = medium notation (14.04.21/09/12 06:XNUMX:XNUMX)
• system.millis: df = long notation (Wednesday, April 14, 2021 09:12 CEST)
• system.millis: dd = Date only (Wednesday, April 14, 2021)
• system.millis:dt = Time only (11:16)
• system.millis: dd (YYYY) = Java Format (2016)
• system.millis: dd (dd.MM.yyyy 'around' HH: mm) = Java Format (14.04.2021/09/12 at XNUMX:XNUMX)

In SLCC a workaround for the display of ':' is necessary up to v.7.1.8:

• Period instead of colon: system.millis: d (dd.MM.yyyy 'around' HH.mm)
• Split: $ {system.millis: dds} "by" $ {system.millis: dts}

Please note that this is the system time at the point in time at which the signature field display is generated. This can deviate from the signature time (e.g. from a time stamp)

The procedure for the individual representation of the signature can be found in the tutorial. The tutorials can be found at https://www.intarsys.de/dokumente/tutorials

Updated: 14.04.2021/XNUMX/XNUMX
Created: 18.11.2019/XNUMX/XNUMX

General

Whoever brings packaged goods into circulation is subject EU-wide the so-called extended product responsibility. This means that he has to take responsibility for ensuring that this packaging has the least possible impact on the environment. This costs money and was previously regulated in the Packaging Ordinance (VerpackV). On January 01st, 2019, the VerpackV was replaced by the   Packaging Act replaced. To implement the packaging law, the Central Office for Packaging Register Foundation (ZSVR) brought to life.

The ZSVR aims to ensure a transparent and fair distribution of the costs of the disposal and recycling system for the yellow bins / yellow bags (   "Dual System") to establish itself in the market. Every commercial first-time distributor of filled sales packaging, which is typically incurred by the end consumer or at the so-called equivalent waste disposal sites, has to be in the packaging register of the ZSVR be registered with their master data and the brands they sell. (Source: Wikipedia).

Anyone who puts “packaging subject to system participation” into circulation in Germany must contact the ZSVR im Packaging register LUCID to register. One of the technical requirements is the availability of suitable signature software such as Sign Live! CC listed. Further information can be found on the website of the ZSVR   here .

Signature with Sign Live! CC

LUCID

For the packaging register must embedded Signatures in PAdES format be generated. PDF-Signatures are in Sign Live! CC standard in the required format PAdES created.

How to create an embedded signature in Sign Live! CC:

• Starten Sie Sign Live! CC
• Open the PDFFile with File> Open menu item
• The signature process is carried out via the menu Tools> Signature Functions> Sign Document started.
• Select PDF Signature - PDF-internal signature after PDF-Specification and press [Next].
• In the window Signature field position select the option Create a new signature field. After pressing [Next] the mouse pointer changes. Now drag on the with the left mouse button pressed PDF a field in the desired position in the desired size.
• As soon as you release the left mouse button, the window opens Signature field representation. Choose here Standard [Continue].
• Select as signature device You SignIT smartcard CC - Sign with a signature card and card reader at the workplace [Continue]. If you have not already done so, please insert the signature card into the card reader.
• Im Identity window the card reader used and the certificate from the signature card are displayed. Depending on the setting, several certificates can be displayed. Please select the certificate with the Purpose: qualified signature [Continue].
• The Attribute Certificates window can with [Next] skipped .
• You will now be able to enter your personal PIN asked. Enter the PIN on the card reader and confirm your entry also on the card reader.
• The successful signature is saved in Sign Live! CC displayed in the left application window.

Please note that in order to create a qualified signature Sign Live! CC must be licensed. A license for Windows or Mac OS can about our  Shop can be acquired.

Created: 23.05.2019/XNUMX/XNUMX
Updated: 23.05.2019/XNUMX/XNUMX

The presentation of the signature can be designed individually. The procedure is in  Tutorial "Design signature field display" described. 
It is essential to ensure that the last variable in the Appearance window contains a value. A line break as the last variable would lead to an error message (internal cryptographic library error).

Updated: September 2020
Created: March 2020

We have added the extension for the signature file to a PKCS# 7 signature Sign Live! CC Version 7.x revised.

As an example, here is a file TESTS.PDF signed.
Via the menu item Extras> Settings> Signatures> Signature creation> Signature PKCS# 7 the following settings are relevant:

• Check box "Replace file extension instead of appending" aktiv creates a signature file with the name TESTS.PDF.p7s
• Check box "Replace file extension instead of appending" not active creates a signature file with the name TESTS.p7s

Status: November 2016

Despite a valid signature, the validation result contains the information that no valid blacklist was found.
This can be remedied as follows.

• Close _Sign Live! CC_
• Copy the file from / demo / vmoptions / auth tunneling into the directory / am. (Home = installation directory).
• Start _Sign Live! CC_ New and validate the document again.

Created: 21.02.2020/XNUMX/XNUMX

On September 01.07.2017st, XNUMX the eIDASRegulation in force. The TRUST-Center (Telesec, D-TRUST etc.) have therefore adapted their certificates. In order to continue to successfully validate these certificates, in Sign Live! CC an update to version 7.x is required.

Status: May 2018

A distinction is made between different forms of electronic signature, all of which are legally binding but have different evidential value and are therefore suitable for very different areas of application.

• The simple signature does not impose any requirements on the identification of the person who signs the data. There is also no requirement as to how the signed data is connected to the signature and therefore no prescribed possibility to check this. The digitized lettering of a signature (e.g. using a signature pad) represents a simple signature just like the use of an email footer. Simple signatures can be upgraded by using a certificate to create them. This can be used to check the integrity of the data. If a qualified seal is used for this purpose, the assessment of evidence applies accordingly eIDAS Art. 35 (2).
• The advanced signature is created by means that the signatory can keep under his sole control. The requirements for the identification and storage of the key used are public in the Certification Practice Statement (CPS) deposited. in the CPS are all important information about the Certificate Authority (CA), whose guidelines and procedures are stored in summary form. This results in a clear assignment of the owner. The integrity of the document can also be ensured via the signature with such a certificate.
• Within the qualified electronic signature the owner of the signature can be clearly and securely assigned, since identification takes place, for example, via PostIdent, VideoIdent or the online ID function (eID). A qualified certificate is used which is issued by an eIDAS confirmed trust service provider. Only this type of signature complies with the written form  BGB §126a and is after  ZPO §371a proving.

Created: January 2021

Whether a signature is valid, i.e. valid, should be verifiable even after many years. In order to be able to check a signature again, several pieces of information must be available:

• Was the end user certificate used valid at the time it was used?
• Was the issuing one CA (Certificate Authority) of this certificate at the time of creation of the end user certificate trustworthy and the root certificate valid?
• What level of quality was the certificate used? Simple, advanced or qualified?

In order to be able to reliably answer these questions, a validation application such as Sign Live! several exams. An important aspect of this check is blocking checks using OCSP (Online Certificate Status Protocol) i.e. queries from the trust service provider (VDA) who issued the end-user certificate used. So that these OCSPQueries can be made, this service must be dated VDA online (directory service). The answers of the VDA are in turn signed by the latter so that the trustworthiness can be checked and thus ensured. This in turn takes place with the inclusion of OCSP-Interrogate. How this is to be done in full is determined by international standards (ETSI) regulated. At the end of these queries, the validation application can then provide a trustworthy status of the end user certificate used.

But what if the necessary directory service is temporarily or permanently unavailable? There may be a temporary malfunction if the required directory service is simply not available online. Or what if this is done by setting the VDA was switched off? The central deletion of information after the retention period has expired is also an incision. The end user certificate used cannot be checked in such cases and thus the complete signature verification does not lead to a clear result.

Different with LTV-Signatures. With this type of signature, all the required information is provided, again in accordance with international standards (ETSI), embedded in the signature. In case of PDFDocuments and signatures, for example, through the PAdES standard (ETSI EN 319 142) in the context of PAdES-B-LT-Profiles technically regulated.

The necessary information can be embedded both during the signature creation and later during validation. However, it is seldom that this takes place when the signature is created, since the time required for the signature creation is also followed by the verification. This is how enrichment is offered to LTV-Signature during validation before archiving. From this point on, the signature is always checked offline and takes place without access to the directory service. A check is therefore independent of the availability of this service, regardless of the reason why it is not available.

Perform the LTV-Signature even more?

How the validity of certificates is checked depends on different models (chain, shell or modified shell model). These different models also make perfect sense for the different uses of certificates. The validity of a SSL-Certificates should be checked differently in the browser than a certificate that was used to sign documents that must be verifiable for decades.

Let's take Adobe Reader as an example. Adobe Reader will no longer classify a signature as trustworthy after the end user certificate used has expired, even if the signature was made during the period of validity.

This behavior can be caused by the LTVSignature should be avoided if the LTV-Signature done before the expiration date. With the timely LTV-Signature, the Adobe Reader tick remains green and the signature continues to be positively checked - permanently. This is an important step on the way to greater acceptance of the signature by its users.

How does a LTV-Signature with Sign Live! CC generated?

  You can find the answer in our tutorial

Status: February 2020

intarsys signature products integrate LTV * information as a new revision in the PDF document.

Most validation tools ignore this technical detail. However, some validation tools alert the user of this fact by using the subject of the test as a PARTIAL PDF describe ( EU DSS demonstration WebApp ) or indicate that the document is a empty revision includes.

The generated signatures conform to the spec and even have to be generated as long as the LTV information is added after the signature.
These statements have no relevance for the validity of the checked signatures.

* LTV - Long Term Validation
LTV information includes OCSP responses and / or revocation lists for the certificates that are required for an examination. These data facilitate the subsequent verification of the signatures and make it possible that the verification can even take place without a network connection.