Concept · Long-term validity
PDF Timestamps & Long-Term Validation
A digital signature proves who signed. A trusted timestamp proves when, and that nothing changed since. LTV goes further: it buries all the verification evidence inside the PDF itself, so the signature stays provable decades later with no network call. This guide explains the mechanics and the PAdES ladder from B-B to B-LTA.
The analogy: a notary stamp plus a self-contained evidence folder
Think of a signature on a contract and a notary who dates and stamps it in front of you. The stamp proves the document existed on that date and the notary witnessed it. That is what a trusted timestamp does: a Time Stamping Authority (TSA) issues a signed token that pins the document's cryptographic fingerprint to a moment in time.
Now imagine the notary also photocopies every credential in the room, the signing certificate, the CA certificate chain, and the current revocation list, and staples them all to the back of the contract. Years from now, if the CA shuts down and its website goes offline, anyone with that folder can still verify everything. That is the Document Security Store (DSS). No phone call required, ever.
What a trusted timestamp proves
An RFC 3161 token from a TSA gives three guarantees at once, independently of any later changes to the document or the signer's certificate.
Existence at a point in time
The TSA's token includes a trusted timestamp of when it was issued. The document's SHA-256 fingerprint is bound to that moment, so you know the content existed then.
Integrity since signing
The token's messageImprint is the SHA-256 hash of the signed byte range. Any subsequent modification invalidates the hash, making tampering detectable.
TSA-independent verification
The token is a self-contained CMS SignedData object inside the PDF. Verification needs only the TSA's certificate, not a live connection to the TSA's servers.
In PDF, the token lives in a /DocTimeStamp entry with subfilter ETSI.RFC3161. Its /Contents is a CMS SignedData encapsulating a TSTInfo structure whose messageImprint is the SHA-256 of the signed byte range.
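To make the byte-range binding concrete, here is an added example (not rust-pdf code and not from the original page) that recomputes the SHA-256 a verifier compares against the token's messageImprint, and first checks that the /ByteRange really covers the whole file except the /Contents hex string, so no unsigned bytes hide between the segments. It assumes the imprint has already been pulled out of the DER token (an ASN.1 parser is out of scope) and uses a constructed stand-in for the signature dictionary; the same check applies to a B-LTA DocTimeStamp, whose range also covers the DSS.

```python
import hashlib
import hmac
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def parse_byte_ranges(pdf: bytes) -> list[list[int]]:
    """All /ByteRange arrays in file order; in a B-LTA file the last one belongs to the DocTimeStamp."""
    return [[int(x) for x in m.groups()] for m in BYTE_RANGE.finditer(pdf)]

def signed_byte_range_digest(pdf: bytes, byte_range: list[int]) -> bytes:
    """SHA-256 over the two signed segments [a, a+b) and [c, c+d); messageImprint must equal this."""
    a, b, c, d = byte_range
    h = hashlib.sha256()
    h.update(pdf[a:a + b])
    h.update(pdf[c:c + d])
    return h.digest()

def byte_range_covers_file(pdf: bytes, byte_range: list[int]) -> bool:
    """Reject ranges that leave unsigned bytes: must start at 0, end at EOF, and the only hole
    between the segments must be exactly the /Contents hex string holding the token."""
    a, b, c, d = byte_range
    if a != 0 or a + b > c or c + d != len(pdf):
        return False
    return re.fullmatch(rb"<[0-9A-Fa-f]*>", pdf[a + b:c]) is not None

def check_timestamp_imprint(pdf: bytes, byte_range: list[int], imprint: bytes) -> bool:
    """True only if the range is sound and the recomputed digest matches the token's messageImprint."""
    if not byte_range_covers_file(pdf, byte_range):
        return False
    return hmac.compare_digest(signed_byte_range_digest(pdf, byte_range), imprint)

def build_sample(contents_hex: bytes) -> bytes:
    """Constructed stand-in for a DocTimeStamp dictionary (hypothetical layout, not a full PDF);
    a real /Contents holds the DER-encoded RFC 3161 token, zero-padded to a reserved size."""
    def layout(br: tuple) -> bytes:
        return (b"%%PDF-1.7\n1 0 obj\n<< /Type /DocTimeStamp /SubFilter /ETSI.RFC3161 "
                b"/ByteRange [%010d %010d %010d %010d] /Contents " % br)
    tail = b" >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
    b = len(layout((0, 0, 0, 0)))  # fixed-width numbers keep the offsets stable once filled in
    c = b + len(contents_hex)
    return layout((0, b, c, len(tail))) + contents_hex + tail
```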
Why signatures expire, and how the DSS fixes it
A digital signature is not self-contained. To verify it, a relying party must confirm the signer's certificate was valid at signing time and was not revoked. Both of those checks depend on infrastructure that will eventually go offline.
The Document Security Store (DSS) solves this by embedding everything a verifier will ever need directly inside the PDF at the time of signing, when all the services are still live.
Certificate chain
Every certificate from the signer's leaf up to the root CA is stored as a stream inside /DSS /Certs, so the chain can be rebuilt without contacting any CA.
Revocation data (CRLs)
Current Certificate Revocation Lists are embedded in /DSS /CRLs. A verifier checks revocation status from the local copy, never from the network.
Self-contained verification
With certs and CRLs in the file, any compliant PDF reader can verify the full signature chain offline, now and decades from now.
The PAdES ladder: B-B, B-LT, B-LTA
PAdES defines three levels of increasing longevity. Each level builds on the previous one by appending an incremental update, so earlier signatures are never disturbed. See What is PAdES? and What is eIDAS? for the regulatory context.
PAdES Baseline B (B-B): basic
A standard CAdES-based signature with the subfilter ETSI.CAdES.detached and, optionally, the ESS signing-certificate-v2 attribute for PAdES compliance. Verifiable today, but vulnerable to expiry and revocation service loss over time.
PAdES Long-Term (B-LT): B-B + DSS
A DSS is appended in an incremental update with the signer's full certificate chain and current CRLs embedded inside the file. Verification becomes offline and network-independent. The B-B signature bytes are untouched.
PAdES Long-Term with Archival (B-LTA): B-LT + timestamp
A document timestamp (/DocTimeStamp, ETSI.RFC3161) is appended over the file including the DSS. This seals everything under a trusted time proof and proves the validation data itself existed at signing time, making the document archival-grade.
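The B-LT step in practice, covering both the DSS description above and the B-LT rung, as an added example (not rust-pdf's implementation and not from the original page): DER certificates and CRLs go in as streams, followed by a /DSS dictionary and a re-issued catalog, all in an incremental update whose trailer chains back with /Prev, so every byte of the B-B revision stays where the signature hashed it. It assumes a classic xref table (not a cross-reference stream) and an uncompressed catalog, and uses a constructed two-object PDF as the stand-in for the signed file; the test's cert and CRL bytes are placeholders, not real DER.

```python
import re

def read_trailer(pdf: bytes) -> dict:
    """Newest revision's trailer: follow the last startxref and read /Size, /Root and /Prev."""
    startxref = int(re.search(rb"startxref\s+(\d+)", pdf[pdf.rfind(b"startxref"):]).group(1))
    t = {"startxref": startxref}
    for k in (b"Size", b"Root", b"Prev"):
        m = re.search(rb"/%s\s+(\d+)" % k, pdf[startxref:])
        t[k.decode().lower()] = int(m.group(1)) if m else None
    return t

def add_dss(pdf: bytes, certs: list[bytes], crls: list[bytes]) -> bytes:
    """B-B -> B-LT: append DSS objects plus a re-issued catalog; nothing before len(pdf) changes."""
    t = read_trailer(pdf)
    out = bytearray(pdf if pdf.endswith(b"\n") else pdf + b"\n")
    offsets = {}
    def emit(num: int, body: bytes) -> None:
        offsets[num] = len(out)
        out.extend(b"%d 0 obj\n%s\nendobj\n" % (num, body))
    def stream(der: bytes) -> bytes:  # certificates and CRLs are stored as raw DER streams
        return b"<< /Length %d >>\nstream\n%s\nendstream" % (len(der), der)
    num, refs = t["size"], {b"Certs": [], b"CRLs": []}
    for kind, items in ((b"Certs", certs), (b"CRLs", crls)):
        for der in items:
            emit(num, stream(der))
            refs[kind].append(b"%d 0 R" % num)
            num += 1
    dss, num = num, num + 1
    emit(dss, b"<< /Type /DSS /Certs [%s] /CRLs [%s] >>" % (b" ".join(refs[b"Certs"]), b" ".join(refs[b"CRLs"])))
    # Re-issue the catalog with /DSS added; assumes the last "<root> 0 obj" in the file is the live, uncompressed catalog
    cat = list(re.finditer(rb"(?<![0-9])%d 0 obj\s*<<(.*?)endobj" % t["root"], pdf, re.S))[-1].group(1)
    emit(t["root"], b"<< /DSS %d 0 R" % dss + cat.rstrip())
    xref = len(out)
    out += b"xref\n" + b"".join(b"%d 1\n%010d 00000 n \n" % (n, o) for n, o in sorted(offsets.items()))
    out += b"trailer\n<< /Size %d /Root %d 0 R /Prev %d >>\nstartxref\n%d\n%%%%EOF\n" % (num, t["root"], t["startxref"], xref)
    return bytes(out)

def minimal_pdf() -> bytes:
    """Constructed two-object PDF with a classic xref table, standing in for a signed B-B file."""
    bodies = [b"<< /Type /Catalog /Pages 2 0 R >>", b"<< /Type /Pages /Kids [] /Count 0 >>"]
    out, offsets = bytearray(b"%PDF-1.7\n"), []
    for n, body in enumerate(bodies, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (n, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(bodies) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(bodies) + 1, xref)
    return bytes(out)
```

A B-LTA DocTimeStamp appended afterwards follows the same incremental-update pattern, with its /ByteRange covering this whole revision including the DSS.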
How to build B-B, B-LT and B-LTA with rust-pdf
Start from a signed PDF, embed validation material (DSS), then add an archival timestamp. Each step appends an incremental update so earlier signatures remain valid.
# pip install rustpdf
# pdf, key, cert, crl, tsa_key, tsa_cert: bytes loaded by the caller (input PDF, signer key and certificate, current CRL, TSA key and certificate)
import rustpdf
signed = rustpdf.sign(pdf, key, cert, reason="Approved", pades=True)  # B-B
lt = rustpdf.add_dss(signed, certs=[cert], crls=[crl])                # -> B-LT (DSS appended as an incremental update)
lta = rustpdf.timestamp(lt, tsa_key, tsa_cert)                        # -> B-LTA (DocTimeStamp over the file including the DSS)
with open("contract.ltv.pdf", "wb") as f:
    f.write(lta)

// dotnet add package RustPdf
// pdf, keyDer, certDer, crl, tsaKeyDer, tsaCertDer are byte[] loaded by the caller
using RustPdf;
byte[] signed = Pdf.Sign(pdf, keyDer, certDer, reason: "Approved", pades: true); // B-B
byte[] lt = Pdf.AddDss(signed, certs: new[]{ certDer }, crls: new[]{ crl });     // B-LT
byte[] lta = Pdf.Timestamp(lt, tsaKeyDer, tsaCertDer);                           // B-LTA

// go get github.com/rustpdf/rustpdf-go@latest
// pdf, key, cert, crl, tsaKey, tsaCert are []byte loaded by the caller; check each error instead of discarding it
signed, err := rustpdf.Sign(pdf, key, cert, rustpdf.SignOptions{Reason: "Approved", Pades: true}) // B-B
if err != nil { return err }
lt, err := rustpdf.AddDss(signed, [][]byte{cert}, [][]byte{crl}) // B-LT
if err != nil { return err }
lta, err := rustpdf.Timestamp(lt, tsaKey, tsaCert) // B-LTA
if err != nil { return err }

// npm install rustpdf
// pdf, key, cert, crl, tsaKey, tsaCert are byte buffers loaded by the caller
const { sign, addDss, timestamp } = require("rustpdf");
const signed = sign(pdf, key, cert, { reason: "Approved", pades: true }); // B-B
const lt = addDss(signed, { certs: [cert], crls: [crl] }); // B-LT
const lta = timestamp(lt, tsaKey, tsaCert); // B-LTA
rust-pdf builds the standards-compliant RFC 3161 container and DSS offline. For production you supply a trusted TSA key and certificate (any qualified TSA from your national Trusted List) and real revocation data from your CA. The dev example uses a self-issued TSA, which is sufficient for testing the full workflow. Full details in the documentation.
PDF timestamp & LTV FAQ
What is a PDF timestamp?
A PDF timestamp is an RFC 3161 token issued by a Time Stamping Authority (TSA) that proves a document or signature existed at a specific moment and has not changed since. In PDF it is stored as a /DocTimeStamp entry whose /Contents holds a CMS SignedData encapsulating a TSTInfo structure. The TSTInfo messageImprint is the SHA-256 hash of the signed byte range, so any change to the document invalidates the token.
What is LTV / a DSS?
LTV stands for long-term validation. A Document Security Store (DSS) is an entry in the PDF catalog that embeds the certificates and CRLs needed to verify a signature directly inside the file. A verifier can check the entire chain without making any network requests, even after the issuer's revocation service goes offline or the certificate expires, because all the evidence is self-contained.
Why do signatures stop validating over time?
A normal digital signature relies on the signer's certificate being valid at the time of signing and on a live revocation check (OCSP or CRL) to confirm it was not revoked. Once the certificate expires, the issuer's CA is decommissioned, or the revocation service goes offline, a verifier has no way to confirm the signature was made with a valid credential. The DSS solves this by capturing the revocation evidence at the time of signing and embedding it in the file.
What are B-LT and B-LTA?
B-LT (PAdES Baseline with Long-Term validation data) is a PAdES signature that includes a DSS with the signer's certificate chain and current revocation information (CRLs or OCSP responses) embedded in the PDF. B-LTA adds an archival document timestamp over the whole file including the DSS, proving the validation data itself existed at a certain time and sealing the document against future tampering.
Do I need a trusted TSA?
For production use, yes. A timestamp token is only as trustworthy as the TSA that issued it. Qualified TSAs in the EU are listed on the ETSI Trusted List. rust-pdf builds the standards-compliant RFC 3161 container offline; you supply the TSA key and certificate. For development and testing a self-issued TSA is sufficient to exercise the full workflow.
Add LTV timestamps in your language
One Rust core, nine language bindings: Python, C#/.NET, Go, Node.js, Java, PHP, Ruby, Delphi, Swift. Prototype for free, license the corporate features when you ship.