Long-term Validation (LTV) enables validating a signature on a document at the time it was signed at any time in the future, regardless of any changes made to technology specifications in the future. When LTV is added to a signature, the trusted root certificate that is used has its sign-time status captured and stored inside the PDF document. Regardless of the certificate's expiry or revocation status in the future, the LTV enabled signature guarantees the validity of the signature at the time it was signed.
To add Long-Term Validation (LTV) information for a signature (these examples assume and use an existing DocTimeStamp for LTV addition):
1VerificationOptions opts = new VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel.e_compatibility_and_archiving);
2opts.AddTrustedCertificate(in_trusted_cert_path);
3/* By default, we only check online for revocation of certificates using the newer and lighter
4OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
7opts.EnableOnlineCRLRevocationChecking(true);
8VerificationResult timestamp_verification_result = doctimestamp_signature_field.Verify(opts);
9if (!doctimestamp_signature_field.EnableLTVOfflineVerification(timestamp_verification_result))
10{
11 Console.WriteLine("Could not enable LTV for DocTimeStamp.");
12 return false;
13}
14doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental);
1VerificationOptions opts(VerificationOptions::e_compatibility_and_archiving);
2opts.AddTrustedCertificate(in_trusted_cert_path);
3/* By default, we only check online for revocation of certificates using the newer and lighter
4OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
7opts.EnableOnlineCRLRevocationChecking(true);
8VerificationResult timestamp_verification_result = doctimestamp_signature_field.Verify(opts);
9if (!doctimestamp_signature_field.EnableLTVOfflineVerification(timestamp_verification_result))
10{
11 puts("Could not enable LTV for DocTimeStamp.");
12 return false;
13}
14doc.Save(in_outpath, SDFDoc::e_incremental, 0);
1opts := NewVerificationOptions(VerificationOptionsE_compatibility_and_archiving)
2opts.AddTrustedCertificate(inTrustedCertPath)
3// By default, we only check online for revocation of certificates using the newer and lighter
4// OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5// it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6// (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
7
8opts.EnableOnlineCRLRevocationChecking(true)
9timestampVerificationResult := doctimestampSignatureField.Verify(opts)
10if !doctimestampSignatureField.EnableLTVOfflineVerification(timestampVerificationResult){
11 fmt.Println("Could not enable LTV for DocTimeStamp.")
12 return false
13}
14doc.Save(inOutpath, uint(SDFDocE_incremental))
1VerificationOptions opts = new VerificationOptions(VerificationOptions.SecurityLevel.e_compatibility_and_archiving);
2opts.addTrustedCertificate(in_trusted_cert_path);
3/* By default, we only check online for revocation of certificates using the newer and lighter
4OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
7opts.enableOnlineCRLRevocationChecking(true);
8VerificationResult timestamp_verification_result = doctimestamp_signature_field.verify(opts);
9if (!doctimestamp_signature_field.enableLTVOfflineVerification(timestamp_verification_result))
10{
11 System.out.println("Could not enable LTV for DocTimeStamp.");
12 return false;
13}
14doc.save(in_outpath, SDFDoc.SaveMode.INCREMENTAL, null);
1async function main() {
2 const opts = await PDFNet.VerificationOptions.create(PDFNet.VerificationOptions.SecurityLevel.e_compatibility_and_archiving);
3 await opts.addTrustedCertificateUString(in_trusted_cert_path);
4 /* By default, we only check online for revocation of certificates using the newer and lighter
5 OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
6 it may be necessary to enable online CRL revocation checking in order to verify some timestamps
7 (i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
8 await opts.enableOnlineCRLRevocationChecking(true);
9 const timestamp_verification_result = await doctimestamp_signature_field.verify(opts);
10 if (!(await doctimestamp_signature_field.enableLTVOfflineVerification(timestamp_verification_result))) {
11 console.log('Could not enable LTV for DocTimeStamp.');
12 return false;
13 }
14 await doc.save(in_outpath, PDFNet.SDFDoc.SaveOptions.e_incremental);
15}
16PDFNet.runWithCleanup(main);
1PTVerificationOptions* opts = [[PTVerificationOptions alloc] initWithLevel:e_ptcompatibility_and_archiving];
2[opts AddTrustedCertificateWithFilePath: in_trusted_cert_path];
3/* By default, we only check online for revocation of certificates using the newer and lighter
4OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
7[opts EnableOnlineCRLRevocationChecking: YES];
8PTVerificationResult* timestamp_verification_result = [doctimestamp_signature_field Verify: opts];
9if (! [doctimestamp_signature_field EnableLTVOfflineVerification: timestamp_verification_result])
10{
11 NSLog(@"Could not enable LTV for DocTimeStamp.");
12 return NO;
13}
14[doc SaveToFile: in_outpath flags: e_ptincremental];
1$opts = new VerificationOptions(VerificationOptions::e_compatibility_and_archiving);
2$opts->AddTrustedCertificate($in_trusted_cert_path);
3/* By default, we only check online for revocation of certificates using the newer and lighter
4OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
7$opts->EnableOnlineCRLRevocationChecking(true);
8$timestamp_verification_result = $doctimestamp_signature_field->Verify($opts);
9if (!$doctimestamp_signature_field->EnableLTVOfflineVerification($timestamp_verification_result))
10{
11 echo(nl2br('Could not enable LTV for DocTimeStamp.'.PHP_EOL));
12 return false;
13}
14$doc->Save($in_outpath, SDFDoc::e_incremental);
1opts = VerificationOptions(VerificationOptions.e_compatibility_and_archiving)
2opts.AddTrustedCertificate(in_trusted_cert_path)
3# By default, we only check online for revocation of certificates using the newer and lighter
4# OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5# it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6# (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
7opts.EnableOnlineCRLRevocationChecking(True)
8timestamp_verification_result = doctimestamp_signature_field.Verify(opts)
9if not doctimestamp_signature_field.EnableLTVOfflineVerification(timestamp_verification_result):
10 print('Could not enable LTV for DocTimeStamp.')
11 return False
12doc.Save(in_outpath, SDFDoc.e_incremental)
1opts = VerificationOptions.new(VerificationOptions::E_compatibility_and_archiving);
2opts.AddTrustedCertificate(in_trusted_cert_path);
3# By default, we only check online for revocation of certificates using the newer and lighter
4# OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5# it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6# (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
7opts.EnableOnlineCRLRevocationChecking(true);
8timestamp_verification_result = doctimestamp_signature_field.Verify(opts);
9if !doctimestamp_signature_field.EnableLTVOfflineVerification(timestamp_verification_result)
10 puts('Could not enable LTV for DocTimeStamp.');
11 return false;
12end
13doc.Save(in_outpath, SDFDoc::E_incremental);
1Dim opts As VerificationOptions = New VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel.e_compatibility_and_archiving)
2opts.AddTrustedCertificate(in_trusted_cert_path)
3# By default, we only check online for revocation of certificates using the newer and lighter
4# OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However,
5# it may be necessary to enable online CRL revocation checking in order to verify some timestamps
6# (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
7opts.EnableOnlineCRLRevocationChecking(True)
8Dim timestamp_verification_result As VerificationResult = doctimestamp_signature_field.Verify(opts)
9
10If Not doctimestamp_signature_field.EnableLTVOfflineVerification(timestamp_verification_result) Then
11 Console.WriteLine("Could not enable LTV for DocTimeStamp.")
12 Return False
13End If
14
15doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental)
Digital signatures
Full code sample which demonstrates using the digital signature API to digitally sign, certify, and/or verify PDF documents. Code sample is available in C++, C#, Java, Python, Go, PHP, Ruby & VB.
Did you find this helpful?
Trial setup questions?
Ask experts on DiscordNeed other help?
Contact SupportPricing or product questions?
Contact Sales