PAdES-LTV: keeping signatures valid for decades
18 June 2026 · 7 min read · Nextarp B.V.
A signature that verifies today can quietly fail tomorrow. Certificates expire, revocation lists move, and trust anchors change. For documents that must stay provable for years - contracts, deeds, medical records - you need long-term validation (LTV).
The problem with basic signatures
A basic PAdES signature captures who signed and that the bytes are intact. But to prove the certificate was valid at signing time, a verifier needs the certificate chain and revocation data (CRL or OCSP) from that moment. Years later, that data may be unreachable - and the signature becomes "indeterminate".
What LTV adds
- Embedded revocation data - the CRL/OCSP responses proving the certificate was good at signing time are stored inside the PDF.
- Document timestamps - a trusted timestamp fixes when the signature existed, independent of the signer's clock.
- The full certificate chain - so verification never depends on an external server.
PAdES-B-LTA and refreshing validity
The PAdES-B-LTA profile adds an archival timestamp over everything. Before the newest timestamp certificate itself ages out, you apply a fresh one - each timestamp vouching for the last, forming a chain of trust that can extend indefinitely.
In practice
DocsNG signs with PAdES-B-LTA by default and can refresh validity on a schedule, so a document signed today still verifies cleanly long after the original certificate has expired - with no dependence on a third party being online.
Related articles
- Verification and tamper-evidence beyond the PDF · Trust
- Designing multi-party signing workflows · Trust
- Qualified timestamping and why it matters · Trust
