I'm using iText 5.5.3 to sign and timestamp PDF documents. It works very well. But I recently switched from Acrobat Pro X to XI and now I see this new line:
the signature is not LTV enabled and will expire after <date>
I guess this warns me that after this date, the signer's signature will be seen as invalid, right? However, the signature properties tell me:
the signature includes an embedded timestamp : <date/time>
signature was validated as of the secure timestamp time : <same date/time>
Now I'm a little bit confused: since the signature was declared valid at a known and certified date, why would it become invalid in the future?
LTV (Long Term Validation) and PDF signatures
The term LTV-enabled
Based on this extension of the PDF specification ISO 32000-1, Adobe created the term LTV-enabled in Acrobat / Reader XI. According to Leonard Rosenthol, Adobe's PDF evangelist:
Unfortunately this simple and clear term is not really well-defined.
In early 2013, a few months after Acrobat XI had been released, people started wondering why their signatures (which in Acrobat X looked great without any restriction) suddenly were criticized as not LTV enabled and soon to expire. At that time Leonard characterized "LTV-enabled" signed PDFs on the iText mailing list:
Another Adobe employee, Steven.Madwin, more bluntly put it like this:
So on one hand we have a simple and clear term LTV-enabled giving the impression that it is a clear on/off matter, and on the other hand the meaning of the term depends on the (closed) signature verification algorithms in Adobe Acrobat and Reader.
Even worse, the behavior of those algorithms depends on the local configuration of the Acrobat / Reader! For any valid PDF signature Adobe Acrobat and Reader can be configured to show it as LTV-enabled by simply adding the immediate signer certificates to the trusted certificates for the signature type at hand, and analogously the other way around.
LTV-enabling a signature
Considering the above-said, one can never be sure whether a PDF showing LTV-enabled on your Acrobat / Reader also shows LTV-enabled on the next person's Acrobat / Reader.
That being said, you can at least do your best to provide all the revocation information required by a verifier. This includes
for ALL signatures involved... and all signatures include the signatures signing individual CRLs, OCSP responses, and time stamps! Then add a time stamp and add certificates and revocation information related to the time stamp.
As Leonard remarks, this usually requires the use of the PAdES part 4 extensions to ISO 32000-1, the Document Security Store (DSS):
LTV-enabled vs. PDF 1.4
In a comment the following question arose
You can add DSS entries to a PDF v1.4 document. A PDF 1.4 also is a PDF 1.7 according to ISO 32000-1, and the DSS is an extension to ISO 32000-1.
Yes, but I assume you actually want to know whether the result still is PDF 1.4.
The answer to this is a bit vague because being PDF 1.4 is not really well defined: As Leonard once put it:
Thus, there is nothing "normative" in nature specifying what a PDF 1.4 is at all.
This didn't keep ISO from using the PDF Reference 1.4 as normative base for their PDF/A-1 specification, though, so let us argue along the lines of that PDF Reference anyway. ;)
The PDF Reference, third edition, Adobe Portable Document Format, Version 1.4 says in Appendix E:
Thus, the additions to existing dictionaries required for adding a DSS should be no problem, nor should the added indirect objects be, as they do conform to section 3 Syntax of the PDF Reference.
Arguing along this line, therefore, a PDF v1.4 with the addition of a DSS can still be a PDF 1.4.
Obviously, though, software only understanding PDF 1.4
Concerning the latter item I would assume that, confronted with a PDF 1.4 plus DSS, e.g. Adobe Reader version 5 through 7 warn about changes after signing, Adobe Reader version 8 and 9 even consider the signature broken due to the changes, and Adobe Reader X and XI accept the addition and use it happily.
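For the "LTV-enabling a signature" steps above, the following is an added example, not code from the original answer: it appends a DSS with revocation data and then a document time stamp, using the iText 5.5.x classes `LtvVerification` and `LtvTimestamp`. The class name `AddLtv`, the method name `addLtv` and its parameters are assumptions; the OCSP, CRL and TSA clients are supplied by the caller.

```java
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.security.CrlClient;
import com.itextpdf.text.pdf.security.LtvTimestamp;
import com.itextpdf.text.pdf.security.LtvVerification;
import com.itextpdf.text.pdf.security.OcspClient;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import com.itextpdf.text.pdf.security.TSAClient;

import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;

public class AddLtv {
    // Hypothetical helper: src is an already signed PDF, dest receives the extended copy.
    public static void addLtv(String src, String dest, OcspClient ocsp, CrlClient crl, TSAClient tsa)
            throws IOException, DocumentException, GeneralSecurityException {
        PdfReader reader = new PdfReader(src);
        try (FileOutputStream out = new FileOutputStream(dest)) {
            // Append mode (last argument true): existing signed revisions stay byte-identical.
            PdfStamper stamper = PdfStamper.createSignature(reader, out, '\0', null, true);
            LtvVerification ltv = stamper.getLtvVerification();
            AcroFields fields = stamper.getAcroFields();
            List<String> names = fields.getSignatureNames();
            if (names.isEmpty()) {
                throw new GeneralSecurityException("Document contains no signature to LTV-enable");
            }
            String last = names.get(names.size() - 1);
            PdfPKCS7 pkcs7 = fields.verifySignature(last);
            if (pkcs7.isTsp()) {
                // Latest revision is a document time stamp: cover the TSA's signing certificate.
                ltv.addVerification(last, ocsp, crl,
                        LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                        LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
            } else {
                // Otherwise collect OCSP responses and CRLs for the whole chain of every signature.
                for (String name : names) {
                    ltv.addVerification(name, ocsp, crl,
                            LtvVerification.CertificateOption.WHOLE_CHAIN,
                            LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
                }
            }
            // Writes the DSS and seals the new revision with a document time stamp.
            PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
            LtvTimestamp.timestamp(appearance, tsa, null);
        }
        reader.close();
    }
}
```

This collects revocation data only for the certificate chains of the signatures in the document; data for the certificates that signed the OCSP responses and CRLs themselves is not gathered here. Running it a second time on its own output covers the time stamp it just added.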