
Sign Live! CC validation client

The workplace-based solution for signature verification

In practice, the verification of a digital signature not only includes checking its mathematical correctness, but also checking the validity of the certificate used and the purpose of the certificate.

Reliably check electronic signature/seal, time stamp formats and technical evidence data (Evidence Record) and create a test report.

Verification with Sign Live! CC includes at least the following checks:

Supported ETSI signature and archive formats:

* The Evidence Record Syntax, ERS for short, is part of the specification of the Long-Term Archiving and Notary Service, LTANS for short. It describes the data format for an evidence file, the Evidence Record, which is used to provide evidence of the integrity of a document stored in a long-term archive.

More functions

The following functions are available after purchasing a Sign Live! CC license:

It's that easy:

The following product is available for the automatic validation and processing of large amounts of documents.

Sign Live! CC validation client

The workplace-based solution for signature verification

FAQs about the Sign Live! CC validation client

It should be possible to check whether a signature is valid even after many years. To be able to check a signature again, several pieces of information must be available:

  • Was the end user certificate used valid at the time it was used?
  • Was the issuing CA (Certificate Authority) of this certificate trustworthy at the time the end user certificate was created and was the root certificate valid?
  • What was the quality level of the certificate used? Basic, advanced or qualified?

To answer these questions with confidence, a validation application such as Sign Live! performs several checks. An important part of this is the revocation check using OCSP (Online Certificate Status Protocol), i.e. queries to the trust service provider (VDA) that issued the end user certificate. For these OCSP queries to be carried out, the VDA must make this service available online (directory service). The VDA signs its responses so that their trustworthiness can be checked and thus ensured. That check in turn involves OCSP queries. International standards (ETSI) regulate how all of this is to be done. At the end of these queries, the validation application can provide a trustworthy status for the end user certificate used.

But what if the necessary directory service is temporarily or permanently unavailable? A temporary disruption occurs when the required directory service is simply not reachable online. Or what if the service was switched off because the VDA ceased operations? The central deletion of information after the retention periods have expired is a further break. In such cases the end user certificate cannot be checked, and the complete signature check therefore does not lead to a clear result.

LTV signatures are different. With this type of signature, all required information is embedded in the signature, again according to international standards (ETSI). In the case of PDF documents and signatures, this is technically regulated, for example, by the PAdES standard (ETSI EN 319 142) in the context of the PAdES-B-LT profile.

The necessary information can be embedded either when the signature is created or later during validation. Embedding at creation time is rare, however, because the time needed to create the signature then also includes the time needed for verification. Enriching the signature to an LTV signature during validation, before archiving, is therefore a good idea. From this point on, the signature is always checked offline, without access to the directory service. The check is therefore independent of the availability of this service, regardless of why it is unavailable.

Does the LTV signature do even more?

How the validity of certificates is checked is based on different models (chain, shell or modified shell model). These different models also make sense for the different uses of certificates. The validity of an SSL certificate should be checked differently in the browser than a certificate that was used to sign documents that have to be verifiable for decades.

Let's take Adobe Reader as an example. Adobe Reader will no longer classify a signature as trustworthy after the end user certificate used has expired, even if the signature was made during the validity period.

This behavior can be avoided with an LTV signature, provided the LTV signature is created before the expiration date. With a timely LTV signature, the Adobe Reader tick stays green and the signature continues to verify positively, permanently. This is an important step on the way to greater user acceptance of the signature.
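The validity models named above differ in the point in time at which each certificate in the chain must be valid. The following added example (not code from Sign Live! CC or from the original page) evaluates a constructed chain under the commonly used definitions of the shell, modified shell and chain models. Certificate names and dates are hypothetical, the signing time is assumed to be proven (for example by a time stamp), and revocation is not modelled.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    name: str
    not_before: date  # start of the validity period
    not_after: date   # end of the validity period
    issued_on: date   # when the issuer signed this certificate

    def valid_at(self, t: date) -> bool:
        return self.not_before <= t <= self.not_after

def shell_model(chain, signed_at, verified_at):
    """Every certificate must be valid at verification time."""
    return all(c.valid_at(verified_at) for c in chain)

def modified_shell_model(chain, signed_at, verified_at):
    """Every certificate must be valid at signing time."""
    return all(c.valid_at(signed_at) for c in chain)

def chain_model(chain, signed_at, verified_at):
    """Each certificate must be valid when the item below it was signed."""
    t = signed_at
    for cert in chain:        # chain is ordered end user -> root
        if not cert.valid_at(t):
            return False
        t = cert.issued_on    # the issuer is checked at this point in time
    return True

# Constructed sample chain (hypothetical names and dates), end user first.
CHAIN = [
    Cert("end-user", date(2020, 1, 1), date(2023, 1, 1), date(2020, 1, 1)),
    Cert("issuing-ca", date(2015, 1, 1), date(2021, 6, 1), date(2015, 1, 1)),
    Cert("root", date(2010, 1, 1), date(2030, 1, 1), date(2010, 1, 1)),
]

def evaluate(signed_at, verified_at, chain=CHAIN):
    """Return the verdict of each validity model for one signature."""
    models = {"shell": shell_model,
              "modified_shell": modified_shell_model,
              "chain": chain_model}
    return {name: fn(chain, signed_at, verified_at) for name, fn in models.items()}

if __name__ == "__main__":
    # Signed while the end user certificate was valid, checked after expiry.
    print(evaluate(date(2022, 3, 1), date(2024, 3, 1)))
```

A signature made during the validity period but checked after expiry fails under the shell model, which matches the Adobe Reader behavior described above, while the chain model still accepts it.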

How is an LTV signature created with Sign Live! CC?

Sign Live! CC starts with the language settings of the operating system.

To change the user interface language of Sign Live! CC, you need administrator rights.
Follow these steps:

  1. Quit Sign Live! CC.
  2. Use Windows Explorer to switch to the installation directory for Sign Live! CC. In most cases this is "C:\Program Files\Sign Live CC" or "C:\Program Files (x86)\Sign Live CC".
  3. Navigate further into the subdirectory "demo\vmoptions\language english".
  4. Copy the SignLiveCC.exe.vmoptions file from this directory.
  5. Change to the "bin" subdirectory of the Sign Live! CC installation directory and paste the SignLiveCC.exe.vmoptions file there.
  6. Restart Sign Live! CC so that the language settings are loaded.

After this, the entire user interface of Sign Live! CC is presented in English.

To reset to German, delete the "SignLiveCC.exe.vmoptions" file from the bin directory and restart Sign Live! CC.

To validate signatures, Sign Live! CC always requires current root certificates, which, at least for the eIDAS PKI, are provided via trust lists (Trusted List, TL).

Sign Live! CC ships with a current set of root certificates at the time of release. From time to time, trust centers use new root certificates. If we receive information about this from the trust centers, we will forward it to you via email. To do this, register for our newsletter.

In any case, you must ensure that Sign Live! CC updates its root certificates. You can do this manually or automatically:

– For the workplace: Manual
This method is completely sufficient for a normal workplace installation.

  • Use the menu item Tools > Certificates > Update Trust Lists to trigger the update of the trust lists manually.

– For server installation: Automated

Especially in server installations, it makes sense to trigger the update on a schedule. To do this, adapt the preconfigured service container:

  • Use the menu item Tools > Services > Service Container Management to configure the schedule of the "Trusted List Update Scheduler" service container so that the update of the trust lists is triggered automatically.

If the update is not possible or aborts with an error message, please check:

  • The internet connection (proxy, firewall, ...).
  • Whether the virus scanner deletes downloaded trust lists from the profile directory. The profile directory is where the logs are stored. You can determine its location using the menu option Window > Log File.

If the update is still not possible, please send a description of the error and the current log file to support@intarsys.de.
