It should be possible to check whether a signature is valid, i.e. valid, even after many years. In order to be able to check a signature again, several pieces of information must be available:

• Was the end user certificate used valid at the time it was used?
• Was the issuing CA (Certificate Authority) of this certificate trustworthy at the time the end user certificate was created and was the root certificate valid?
• What was the quality level of the certificate used? Basic, advanced or qualified?

To confidently answer these questions, a validation application such as Sign Live! several exams. An important aspect of this check are revocation checks using OCSP (Online Certificate Status Protocol), ie queries to the trust service provider (VDA) that issued the end user certificate used. In order for these OCSP queries to be carried out, this service must be made available online by the VDA (directory service). The replies from the VDA are in turn signed by the latter so that the trustworthiness can be checked and thus ensured. This is then done in turn with the inclusion of OCSP queries. International standards (ETSI) regulate how this is to be done in full. At the end of these queries, the validation application can then provide a trustworthy status of the end user certificate used.

But what if the necessary directory service is temporarily or permanently unavailable? A temporary disruption can occur if the required directory service is simply not available online. Or what if this was switched off by the VDA being discontinued? The central deletion of information after the retention periods have expired also represents a cut. The end user certificate used cannot be checked in such cases and therefore the complete signature check does not lead to a clear result.

LTV signatures are different. With this type of signature, all required information is embedded in the signature, again according to international standards (ETSI). In the case of PDF documents and signatures, this is technically regulated, for example, by the PAdES standard (ETSI EN 319 142) in the context of the PAdES-B-LT profile.

The necessary information can be embedded both when the signature is created and later during validation. However, it is rare for this to happen when the signature is created, since the time required to create the signature also includes the time required for verification. The enrichment of the LTV signature for validation before archiving is therefore a good idea. From this point on, the signature is always checked offline and takes place without access to the directory service. A check is therefore independent of the availability of this service, regardless of the reason why it is not available.

Does the LTV signature do even more?

How the validity of certificates is checked is based on different models (chain, shell or modified shell model). These different models also make sense for the different uses of certificates. The validity of an SSL certificate should be checked differently in the browser than a certificate that was used to sign documents that have to be verifiable for decades.

Let's take Adobe Reader as an example. Adobe Reader will no longer classify a signature as trustworthy after the end user certificate used has expired, even if the signature was made during the validity period.

This behavior can be avoided by the LTV signature if the LTV signature is done before the expiration date. With the timely LTV signature, the Adobe Reader tick stays green and the signature continues to be positively checked - permanently. This is an important step on the way to greater user acceptance of the signature. 

How to create an LTV signature with Sign Live! CC generated?

When trust centers switch to a new PKI infrastructure, it can happen that signatures that were created with very new signature cards are not validated. This is due to the fact that the new Trusted Lists (TSL) and/or Root CAs were not yet implemented when our software was released.
The Update of the trust lists in Sign Live! CC these signatures are validated again.

• Via menu item Tools> Certificates> Update Trust Lists trigger the update of the trust lists manually.

In server installations it makes sense to have the update triggered time-controlled. To do this, adjust the preconfigured service container service to be started.

• Via menu item Tools> Services> Service Container Management  Configure the "Trusted List Update Scheduler" service container and automatically trigger the update of the trust lists:

Sign Live! CC starts with the language settings of the operating system.

To get the operating language of Sign Live! CC you need administrator rights to manipulate them.
Follow these steps:

1. Quit Sign Live! CC.
2. Use Windows Explorer to switch to the installation directory for Sign Live! CC. In most cases this is "C:\Program Files\Sign Live CC " or "C:\Program Files (x86)\Sign Live CC".
3. Navigate further into the subdirectory "demo\vmoptions\language english".
4. Copy the SignLiveCC.exe.vmoptions file from this directory.
5. Change to the “bin” subdirectory of the installation directory Sign Live! CC and drop the SignLiveCC.exe.vmoptions file there.
6. Starten Sie Sign Live! CC new so that the language settings are loaded.

By doing this, the entire user interface of Sign Live! CC presented in English.

To reset to German, delete the "SignLiveCC.exe.vmoptions" file from the bin directory and start it Sign Live! CC New.

To install the software on an Apple MacOS system:

1. Download the file with the extension ".dmg".
2. If you have already installed the same version or a previous version of the application: Quit the application, if it is started.
3. After double-clicking on the DMG file (the disk image), a virtual drive appears in the finder.
4. Drag the application icon into the application directory.
5. Check your installation.
6. Start the installed application.

To install a patch to an existing version:

1. Download the file with the extension ".dmg".
2. Please make sure that the application "Sign Live! CC” was started and stopped before installing the patch or exit the application if it was started.
3. After double-clicking on the disk image, the appears Sign Live! CC patcher app.
4. Run Sign Live! CC Double-click Patcher App.
5. Check the version number displayed and confirm that you want to apply the patch.
6. Choose the appropriate installation directory from Sign Live! CC and start the installation.
7. After installing the patch, a success message appears.
8. Check your installation.
9. Start the installed application.

For step-by-step instructions on downloading the software, installation and product activation, visit our Tutorials.