Below is a list of best practices for enabling LTV (long-term validation) signatures for document signing when using your own HSM or a cloud HSM service:
- Prepare the document: Ensure that the document you want to sign is in a suitable format, such as PDF/A or a simple PDF document. PDF/A is specifically designed for long-term archiving and ensures that the document’s integrity is maintained over time.
- Use Cryptographic Timestamps: LTV signatures require a reliable and trusted source of time. Cryptographic timestamps provide this by securely linking the signature to a specific time, preventing any backdating or tampering. Use a trusted timestamping authority like SSL.com or an internal timestamping service within your organization.
- Preserve Certificate Revocation Information: To maintain the validity of signatures over time, it’s crucial to preserve the certificate revocation information. This includes the Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP) responses used to verify the signer’s certificate.
  For Java users, the PDFBox Java library contains examples for creating LTV signatures, including signature timestamp examples.
  - Example code that embeds revocation information (CRLs) for the document signing certificate chain inside the PDF document: https://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java?view=markup
- Archive Signed Documents: Keep a secure and organized archive of all signed documents, including any intermediate versions. This ensures that the signed documents and associated validation information, such as timestamps and revocation data, are readily available for long-term verification. Implement proper storage mechanisms to prevent unauthorized access, tampering, or loss of data.
- Verify the signature: Implement a verification process to ensure that the signature can be validated correctly. This involves using the public key associated with the signing certificate to verify the signature’s integrity, checking the timestamp for validity, and verifying the certificate’s revocation status.
- Correctly configure HSMs: Ensure that the HSMs are properly configured and maintained, and adhere to industry standards and best practices for key management, such as key rotation, strong access controls, and regular auditing.
- Monitor and Update Security Controls: Regularly monitor the security controls and configurations of your signing infrastructure, including the HSMs, timestamping services, and storage systems. Stay updated with security patches, firmware updates, and industry best practices for HSM and document signing technologies.
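
The checks in the "Verify the signature" item combine as follows: the signer certificate and its revocation status are judged at the timestamped signing time, not at the time of verification. The Python below is an added example, not code from PDFBox or SSL.com. The `Cert` and `Crl` classes, the sample dates and the CRL acceptance policy are constructed assumptions, and the cryptographic checks of the signature and timestamp token are assumed to have already passed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Cert:  # constructed stand-in for the signer certificate
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class Crl:  # constructed stand-in for a CRL preserved with the document
    this_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial -> revocation time

def ltv_status(cert, crl, signed_at):
    """Judge the signer certificate at the timestamped signing time.

    signed_at comes from the trusted timestamp, never from the signer's clock.
    """
    if not (cert.not_before <= signed_at <= cert.not_after):
        return "INVALID: certificate not valid at signing time"
    # Assumed policy: the CRL must still have been in force at or after the
    # signing time, and issued before the certificate expired (CAs may drop
    # expired certificates from later CRLs).
    if crl.next_update < signed_at or crl.this_update > cert.not_after:
        return "INDETERMINATE: preserved CRL does not cover signing time"
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and revoked_at <= signed_at:
        return "INVALID: certificate revoked before signing time"
    return "VALID"  # holds even if the certificate has expired since

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data
SIGNER = Cert(0x1001, utc(2022, 1, 1), utc(2023, 1, 1))
SIGNED_AT = utc(2022, 6, 3)
CRL_CLEAN = Crl(utc(2022, 6, 10), utc(2022, 6, 17))
CRL_REVOKED_LATER = Crl(utc(2022, 6, 10), utc(2022, 6, 17), {0x1001: utc(2022, 6, 5)})
CRL_REVOKED_EARLIER = Crl(utc(2022, 6, 10), utc(2022, 6, 17), {0x1001: utc(2022, 5, 20)})
CRL_STALE = Crl(utc(2022, 3, 1), utc(2022, 3, 8))

if __name__ == "__main__":
    for name, crl in [("clean", CRL_CLEAN), ("revoked later", CRL_REVOKED_LATER),
                      ("revoked earlier", CRL_REVOKED_EARLIER), ("stale", CRL_STALE)]:
        print(f"{name}: {ltv_status(SIGNER, crl, SIGNED_AT)}")
```

The stale case shows why revocation data has to be preserved alongside the document: without a CRL that covers the signing time, the verifier cannot reach a conclusive result.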