Can I still prove the validity of a signature after ten years?

The retention periods for identity verification and the activity journal and thus also the periods of proof are 11 years in Switzerland and 35 years in the EU. Swisscom generally uses the long-term validation standard according to ETSI (LTV).

Long-term validation means validating a signature to remain valid for a long time. LTV standards only allow validation as long as the cryptography behind the signatures has not expired. It is, therefore, advisable to time stamp the documents again before expiration if long-term evidence is to be preserved so that the integrity and meaningfulness of the signature evidence continue to be ensured.

In principle, PDF documents should also be managed in secure archives. A situation can arise in 5, 10, or 20 years in which the signature algorithms are “cracked”, i.e., the integrity or authenticity can no longer be guaranteed. Sound archiving systems provide for regular resignation, e.g., with a time stamp, which always uses the latest algorithm and thus ensures the document's integrity.

The web offers links with optimized procedures for this, e.g., “Archisig”. The German Federal Office for Information Security (BSI) has also published a technical guideline, “Preservation of the evidential value of cryptographically signed documents”. It is the specification of technical security requirements for the long-term preservation of the evidential value of cryptographically signed electronic documents and data together with the associated electronic administrative data (metadata).

A middleware defined for these purposes (TR-ESOR middleware) in this guideline comprises all those modules and interfaces used to secure and maintain the authenticity and prove the integrity of the stored documents and data.