Validation in Adobe Acrobat

Throughout this tutorial, we'll be using the document you can find in the link below, so you can follow and repeat all of the steps on your own:

Trust1Team.pdf

As you can see, Adobe tells us the signature is valid:

Signature is valid

But let's take a closer look. If we click on Signature Panel, we can find more detailed information on the signature itself:

Signature Panel

The first thing we notice is that the document has been signed twice, once by me:

Subject Signature

and once by a Time Stamping Authority (TSA):

TSA Signature

Both signatures have a Source of Trust. In our example, the Source of Trust is the European Union Trusted Lists (EUTL), a document issued by the EU which contains information for every member state of the European Union, telling us which certificates we can safely trust.

When we take a closer look at my signature by clicking on certificate details:

Subject certificate details

you can see that the certificate used to sign is part of a chain of certificates: my personal citizen certificate was signed by the Citizen CA certificate, which in turn was signed by the Belgium Root CA3 certificate.

How do we know we can trust the Belgium Root CA3 certificate, you may ask? If you guessed "Thanks to the EUTL", you'd be right.

The second signature, by the Time Stamping Authority (TSA), is also part of a certificate chain leading back to a certificate trusted by the EUTL, in this case the Belgium Root CA4 certificate.

TSA certificate details

As you may have noticed, the TSA signature is marked as LTV enabled, while my citizen signature is not. What does this mean?

It means that while my citizen signature is valid, it does not contain the Certificate Revocation Lists (CRLs) or certificate status (OCSP) information that was in effect at the moment the signature was created. If we tried to validate my signed document in 50 years, this information might no longer be available online. When Adobe tells us that the signature is LTV enabled, it means that all of the information needed to verify the signature in the future is included in the signature itself. Isn't that neat?
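The distinction above as an added example (not part of the original tutorial, and not Adobe Acrobat's own logic): a simplified Python model in which a signature is trusted when its chain ends in a trust anchor, and LTV enabled only when every non-root certificate also has embedded revocation information in effect at signing time. The class and function names, the shortened TSA chain and all dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

@dataclass(frozen=True)
class Revocation:            # one embedded CRL or OCSP response
    kind: str                # "CRL" or "OCSP"
    covers: str              # subject of the certificate it vouches for
    this_update: datetime
    next_update: datetime

@dataclass
class Signature:
    signing_time: datetime
    chain: list              # signer first, root last
    embedded: list = field(default_factory=list)

def chain_is_trusted(sig, anchors):
    """Every certificate is issued by the next one and the last is a trust anchor."""
    linked = all(c.issuer == p.subject for c, p in zip(sig.chain, sig.chain[1:]))
    return bool(sig.chain) and linked and sig.chain[-1].subject in anchors

def missing_revocation(sig):
    """Non-root certificates with no embedded CRL/OCSP in effect at signing time."""
    def covered(cert):
        return any(r.covers == cert.subject
                   and r.this_update <= sig.signing_time <= r.next_update
                   for r in sig.embedded)
    return [c.subject for c in sig.chain[:-1] if not covered(c)]

def ltv_enabled(sig, anchors):
    return chain_is_trusted(sig, anchors) and not missing_revocation(sig)

# Constructed sample data: names follow the article, dates are invented,
# and the TSA chain is shortened to a single hop for brevity.
EUTL = {"Belgium Root CA3", "Belgium Root CA4"}
T = datetime(2020, 1, 15, 10, 0)
DAY = timedelta(days=1)
CITIZEN_SIG = Signature(T, [Cert("Citizen", "Citizen CA"),
                            Cert("Citizen CA", "Belgium Root CA3"),
                            Cert("Belgium Root CA3", "Belgium Root CA3")])
TSA_SIG = Signature(T, [Cert("TSA", "Belgium Root CA4"),
                        Cert("Belgium Root CA4", "Belgium Root CA4")],
                    [Revocation("CRL", "TSA", T - DAY, T + DAY)])
```
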
