Did you know that an electronic signature does not last forever? Just like old pieces of art, it needs to be periodically maintained to ensure its freshness. Some contracts need to be valid for a long time. These are typically contracts for properties, which may even be passed on to the next generation.
So what happens with the signed document, you may ask. Are bits and bytes from the document disappearing? Of course not. The signed document itself has to be preserved to maintain its availability and integrity, but when this is taken care of, the structure of the document itself does not change. The world revolving around the document does.
I will be touching on three issues:
- Certificates have an expiry date.
- Validation information is needed to verify a certificate.
- The strength of the cryptographic algorithms vanishes over time.
For one, the certificates (including all intermediate certificates up to the root) used for generating the signature have an expiry date. After this date, the certificate is no longer valid, which also means that if you try to validate a signature, this validation will fail.
Another issue in validating a signature is the need for validation data. A certificate may be revoked, i.e. declared invalid, before its expiry date, in the worst case because the certificate has been compromised. Thus, all certificate issuers offer services to establish the validity of certificates, typically as revocation lists (CRLs) or online status verification (OCSP). When validating a signature, one is obliged to check the validation data in addition to checking the expiry date of certificates. But a certificate issuer and its validation data may not live forever (remember DigiNotar?). Without access to the validation data, you cannot validate the signature. Note also that OCSP always returns current status, meaning validation after the certificate has been revoked will fail, even if the certificate was valid at the time of signing.
In addition to the expiry dates and access to validation information, the cryptographic algorithms that are used to add the signatures must be considered. These algorithms are basically math, and it is possible to calculate how much computing power is required to break one of them, for example that you would need 20 years or 200 years to break it. However, this does not take into account breakthroughs in mathematics or in technology. Take quantum computing for example, which uses a completely different approach to problem solving, and may break the existing algorithms in minutes or seconds. In addition, there may be advances in mathematics which render existing algorithms invalid. As an example, old hashing algorithms (like SHA1 or MD5) are no longer considered secure, and are being replaced.
- Validate the signature (or all signatures on a document) when certificates are still valid.
- Collect the evidence used in validation.
- Protect signatures and evidence by a “proof of existence”, making it possible to prove the signatures’ validity status at the time when the proof was created.
To address this issue, documents signed by Signicat contain what is called long-term validation (LTV) information. The LTV contains all the results from the validations, so it is possible to verify what the data looked like at the time of signing. The evidence is protected by a time-stamp from Signicat’s time-stamp service, proving the time when validation was done and at the same time protecting the integrity of all evidence.
This process needs to be repeated, as the certificates supporting the proofs of existence and time-stamps also have an expiry date, may be revoked, and the mechanisms may involve cryptography that may become weak over time.
To address all of these issues, Signicat offers a secure archive, where documents are periodically verified and re-sealed with updated proofs and time-stamps. This means adding a new layer of security, with updated algorithms.
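The repeated re-sealing described above can be sketched as a chain of seals, each covering the document, the collected evidence and the previous seal. This is an added example, not Signicat's code: all names are hypothetical, years stand in for time-stamps, and the time-stamp authority's signature is not modelled.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Seal:
    algo: str     # hash algorithm this seal relies on
    digest: str   # hash over document, evidence and the previous seal
    created: int  # year of the time-stamp (assumed trusted in this sketch)
    expires: int  # year the time-stamp certificate expires

def seal_digest(algo, document, evidence, previous):
    h = hashlib.new(algo)
    h.update(document)
    h.update(evidence)
    if previous is not None:
        h.update(previous.digest.encode())  # each layer also covers the one before
    return h.hexdigest()

def add_seal(chain, document, evidence, algo, created, expires):
    previous = chain[-1] if chain else None
    digest = seal_digest(algo, document, evidence, previous)
    chain.append(Seal(algo, digest, created, expires))

def verify_chain(chain, document, evidence, now, trusted_algos):
    """Return (ok, reason) for the whole chain as seen in year `now`."""
    previous = None
    for i, seal in enumerate(chain):
        if seal.digest != seal_digest(seal.algo, document, evidence, previous):
            return False, f"seal {i}: digest mismatch"
        # An older seal only has to hold until the next one was added;
        # the newest seal has to hold today.
        needed_until = chain[i + 1].created if i + 1 < len(chain) else now
        if needed_until > seal.expires:
            return False, f"seal {i}: expired in {seal.expires} before renewal"
        previous = seal
    if not chain or chain[-1].algo not in trusted_algos:
        return False, "newest seal does not use a trusted algorithm"
    return True, "ok"

# Constructed sample data, not taken from a real document.
DOCUMENT = b"constructed sample contract"
EVIDENCE = b"constructed sample: certificate chain and OCSP responses"

def demo_chain():
    chain = []
    add_seal(chain, DOCUMENT, EVIDENCE, "sha1", 2005, 2010)    # original seal
    add_seal(chain, DOCUMENT, EVIDENCE, "sha256", 2009, 2030)  # re-seal in time
    return chain

if __name__ == "__main__":
    print(verify_chain(demo_chain(), DOCUMENT, EVIDENCE, 2025, {"sha256", "sha512"}))
```

The old SHA1 seal stays acceptable only because a newer seal was added before it expired; a chain that was renewed too late, or whose newest seal uses a retired algorithm, is rejected.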
Did anybody mention blockchain? Yes, you could store the hash (or signature) of the document on a distributed ledger. But that does not change any of the above. Blockchain promises that data cannot be deleted or modified. But that assumes the current mathematics and algorithms. Breakthroughs will make blockchain vulnerable. And you would still have to access validation information, in case of compromised data.
Signicat Preserve is the Signicat solution to ensure that your signature can be validated 5, 50 or 500 years from now.
And even if Signicat may not be around 500 years from now (who knows?), the preservation follows open standards, so it is possible for others to take over the preservation process.
By John Erik Setsaas