Certificate of sender expired before signature ver

Posted 2019-04-09 18:58

I'm working on a project about certificates and digital signatures in Java, but I can't understand the following situation. The certificates of the sender and receiver of a document were valid when the signature was created. But by the time the receiver received the document, the certificate of the sender had expired. Is that a valid situation, so the receiver can normally verify the signature, or can't he?

One more question: what is the Non-repudiation key usage used for?

3 answers
倾城 Initia
Post 2 · 2019-04-09 19:30

A digital signature will remain cryptographically correct even if the certificate has expired, but verification of the signature will be invalid.

An electronic certificate has a period of use established by the policy of the Certification Authority, beyond which the use of the private key is not considered safe.

To preserve the validity of the signature beyond the expiration time, a time stamp or revocation evidence (CRLs, OCSP responses) can be incorporated into the signature, in such a way that it is possible to verify the signature in the future without having to contact the CA.

> One more question: what is the Non-repudiation key usage used for?

Please read this: X509: What's the difference between digital signature and non-repudiation

我只想做你的唯一
Post 3 · 2019-04-09 19:46

We need to have some clear concept here:

1 - A certificate can expire or be revoked at any time, so all documents with its signature will be invalid. All certificates have an expiry date.

1.1 - To avoid this situation, normally you have to sign with the XAdES-T standard, and a TSA (Time Stamp Authority) has to validate and re-sign the file. This will give you longevity, avoiding the first problem -> ending with an AdES-A.

That was just a hint; the process has much more theory behind it.

Note: A time stamp alone is not enough; it can be included in a normal signature, but it has to be the TSA who sets this time stamp, certifying that your signature was valid at that moment and endorsing it.

Answering your question: Yes, it is a valid and normal situation, and you can't do anything about it (in the standard way); it is no longer valid. Now you can work on avoiding this happening again with a trusted TSA (in Spain we have @Firma from the Government) and re-stamping your valid documents.

What is the Non-repudiation key usage used for? This is used so you can't say that you didn't sign the document; once it is signed it is completely valid and legal. To accomplish that, you have to sign with a standard certificate (given by an official entity) containing your most important information. Normally this is issued in person (at least in Spain): you have to go to a specific place with your accreditation document (DNI or National Identity Number) to get your certificate.

Spanish links that could help: https://www.sede.fnmt.gob.es/certificados/persona-fisica/obtener-certificado-software

http://firmaelectronica.gob.es/Home/Ciudadanos/Aplicaciones-Firma.html#arroba_firma

Hope this helps. Thanks.

Summer. ? 凉城
Post 4 · 2019-04-09 19:48

A certificate can expire, or can be revoked, between when it is "used" and when it is "validated". To avoid this, you can validate it immediately after it is used. When signing PDF files, this is part of the PAdES LTV specification.

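The distinction drawn in the first answer (the signature stays cryptographically correct after expiry, but certificate validation fails) and in the last one (validate against the time the certificate was used, not the time you happen to look at it) can be shown concretely. The following is an added example, not code from the question or any of the answers; it is written in Go rather than the asker's Java because Go's standard library can build a certificate and run path validation entirely offline. The certificate, dates, document bytes and the helper names (`newSenderCert`, `VerifyAt`, `BuildScenario`) are all constructed for the demonstration; a real deployment would take the reference time from a TSA timestamp or other trusted record rather than a hard-coded value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument is what the receiver holds: the bytes, the sender's
// signature over them, and the sender's certificate.
type SignedDocument struct {
	Data      []byte
	Signature []byte
	Cert      *x509.Certificate
}

// newSenderCert builds a self-signed sender certificate valid over
// [notBefore, notAfter]. Hypothetical helper standing in for a CA-issued
// certificate; the same certificate doubles as the trust anchor below.
func newSenderCert(notBefore, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "sender (constructed)"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		// digitalSignature plus contentCommitment, which is the name RFC 5280 gives
		// to the bit older X.509 editions called nonRepudiation.
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// Sign produces an ECDSA-with-SHA256 signature over data.
func Sign(data []byte, key *ecdsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifyAt keeps the two checks apart:
//   sigOK  - the signature is mathematically correct under the certificate's key
//   certOK - the certificate chains to a trusted root and was inside its
//            validity period at refTime
// refTime must be trustworthy (e.g. a TSA timestamp); passing time.Now()
// reproduces the "expired before verification" situation from the question.
func VerifyAt(doc SignedDocument, roots *x509.CertPool, refTime time.Time) (sigOK, certOK bool, err error) {
	if err := doc.Cert.CheckSignature(x509.ECDSAWithSHA256, doc.Data, doc.Signature); err != nil {
		return false, false, err
	}
	_, err = doc.Cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: refTime})
	if err == nil {
		return true, true, nil
	}
	var inv x509.CertificateInvalidError
	if errors.As(err, &inv) && inv.Reason == x509.Expired {
		// Outside the validity window at refTime: signature intact, certificate unusable.
		return true, false, nil
	}
	return true, false, err
}

// BuildScenario constructs the question's situation: the sender's certificate
// was valid on the signing date but has expired since. All values are constructed.
func BuildScenario() (SignedDocument, *x509.CertPool, time.Time, error) {
	notBefore := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC)
	notAfter := time.Date(2019, 12, 31, 23, 59, 59, 0, time.UTC)
	signedAt := time.Date(2019, 4, 9, 18, 58, 0, 0, time.UTC)

	cert, key, err := newSenderCert(notBefore, notAfter)
	if err != nil {
		return SignedDocument{}, nil, time.Time{}, err
	}
	data := []byte("constructed document contents")
	sig, err := Sign(data, key)
	if err != nil {
		return SignedDocument{}, nil, time.Time{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return SignedDocument{Data: data, Signature: sig, Cert: cert}, roots, signedAt, nil
}

func main() {
	doc, roots, signedAt, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	for _, ref := range []time.Time{signedAt, time.Now()} {
		sigOK, certOK, err := VerifyAt(doc, roots, ref)
		fmt.Printf("at %s: signature=%v certificate=%v err=%v\n", ref.Format(time.RFC3339), sigOK, certOK, err)
	}
}
```

Run against the signing date the certificate validates and the signature checks; run against today the signature still checks but `Verify` reports the certificate as expired, which is exactly the split the first answer describes. A receiver who only has `time.Now()` cannot distinguish "signed while valid" from "signed after expiry", which is why the answers point to a TSA timestamp or LTV data: it supplies a trustworthy `refTime` for the second check.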