What is Long Term Validation (LTV)?

PAdES (PDF Advanced Electronic Signatures) is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for Advanced Electronic Signature. PAdES recognizes that digitally-signed documents may be used or archived for many years – even many decades. At any time in the future, in spite of technological and other advances, it must be possible to validate the document to confirm that the signature was valid at the time it was signed – a concept known as Long-Term Validation (LTV).

When LTV is enabled, the certificates sign-time status is captured and stored inside the PDF document. This is indicated within the signature details if it is LTV enabled or not. This verification certificate remains in the file itself so that its validity can be determined even at some later date, regardless of whether the certificate has expired, been revoked, or the issuing authority no longer exists. Because the record is stored inside the signed document, it is also authenticated by the document’s signature, further reducing chances for error or fraud.

LTV helps reduce dependencies on external systems and reduces the potential for future ambiguity around expired or revoked certificates.  

Does DocuSign use LTV?

DocuSign eSignatures and Digital Signatures produced by DocuSign are now LTV enabled. Certain industries require the ability to verify the validity of a signature at the time of signing due to standards like PAdES (PDF Advanced Electronic Signatures). DocuSign digitally seals all PDF documents that are downloaded from the DocuSign platform with a certificate issued by Entrust. When Acrobat Reader or any other viewer that support Digital Signature validation opens our PDF documents, it validates the certificate used for the digital seal. Since we have enabled LTV, the sign-time is captured inside the PDF Document and the PDF Viewer will validate the signature using all the proof that are contains directly inside the PDF. As the sign-time is captured inside the PDF document, Acrobat Reader is capable to base its verification on that time. If the time of verification is posterior to the expiration of the Entrust certificate, it can be validated. If you downloaded your document prior to LTV ramp up, you may have a yellow warning. It does not mean that the underlying document and electronic signatures affixed to the document are invalid. Re-downloading the document will affix a new DocuSign digital seal.  

How do I ensure my DocuSign documents are valid?

Upon opening a DocuSign PDF that is not LTV enabled, Acrobat Reader will try to validate the certificate attached to the signature. If the certificate has expired, Entrust will not be able to provide a response that the signature is valid.  Acrobat Reader will then display a yellow warning sign to users stating "At least one signature has problems."

The alert means that Acrobat Acrobat is not capable of determining if a signature's certificate was valid at the time of signing. DocuSign maintains this validity as long as the documents are retained in DocuSign and is not reliant on Acrobat's ability to verify the signature certificate. When you download PDF documents from DocuSign's platform, we digitally sign the PDF documents with our certificate issued by Entrust to create tamper-evident digital seals.  If someone tries to change anything in a digitally sealed PDF document, PDF readers (e.g. Acrobat Reader, Nitro PDF, etc.) realize the digital seal has been broken and displays a separate red warning message to the user.

Solution

If the certificate applied at the time of signing of the document has already expired and the certificate is not LTV (mainly for older PDF downloads), the only way to remove Acrobat’s yellow warning is to re-download the document from DocuSign. Please note that documents that have been purged can not be re-downloaded.