How long is a document signed with a Digital Signature Certificate valid after the time it is signed?

My understanding is that the digital certificate is valid for up to 3 years, depending upon what you paid to the certificate issuing company. So, for example, say I bought a DSC from emudhra and it is valid for 2 years. If I sign a document on 1/6/2017 and the DSC is valid from 1/1/2017 to 1/1/2019, will the document that I signed only be valid for 1.5 years from 1/6/2017 or will it be valid for the 2 years?

Also, once the DSC I have expires on 1/1/2019, if I renew the certificate for another 2 years, will the documents I signed be valid for a total of 4 years or will I have to sign them again with the renewed DSC for the certificate to be valid?



Solution 1:[1]

A certificate can expire or be revoked and the signature could still be valid, so the question should be: how do I prove that a signature was valid at the time of signing?

Answering this question is not simple at all. I will try to explain how to verify a (basic) digital signature:

  • cryptographically valid: message/signature not altered and public and private key correspondence.

  • certificate not revoked or expired: checked using an online OCSP query to the Certificate Authority or downloading a CRL

  • certificate chain trusted: the root certificate of the issuing CA present in the client truststore.

There are many additional checks if you use an advanced format like CAdES or XAdES, but these are the basics.

When you need to verify a signature over time you need to keep all evidence of the validation process (certificates, CRLs, OCSP responses) and protect it with a time stamp (RFC 3161). When the time stamp is about to expire, an additional time stamp is added.

Now, I will try to answer your original questions in a concise way:

If I sign a document on 1/6/2017 and the DSC is valid from 1/1/2017 to 1/1/2019, will the document that I signed only be valid for 1.5 years from 1/6/2017 or will it be valid for the 2 years?

Validation of the signature will fail after 1/1/2019, or earlier if the certificate is revoked. To avoid this behaviour, store the revocation evidence and use it in the verification process.

Also, once the DSC I have expires on 1/1/2019, if I renew the certificate for another 2 years, will the documents I signed be valid for a total of 4 years or will I have to sign them again with the renewed DSC for the certificate to be valid?

The original signature will be considered invalid after 1/1/2019, even if you renew the certificate or add a new signature.
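The validation rule described in the answer, as an added example that is not part of the original answer: a simplified model that judges a basic signature against the certificate's status today, and a signature with archived, time-stamped evidence against the stamped time. The `Cert` and `Evidence` structures, the field names and the sample values are assumptions made for illustration; dates from the question are read as day/month/year, and the cryptographic and chain-of-trust checks are assumed to have passed already.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

@dataclass
class Cert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # as reported by CRL/OCSP today

@dataclass
class Evidence:  # archived alongside the signature (hypothetical structure)
    stamped_at: datetime          # time asserted by the RFC 3161 time stamp
    stamp_valid_until: datetime   # expiry of the newest time stamp protecting the archive
    status_good: bool             # archived CRL/OCSP answer for the signer certificate
    status_produced_at: datetime  # when that CRL/OCSP answer was produced

def validate(cert: Cert, now: datetime, ev: Optional[Evidence] = None) -> Tuple[bool, str]:
    """Assumes the cryptographic check and chain-of-trust check already passed."""
    if ev is None:
        # Basic signature: nothing proves when it was made, so judge the certificate today.
        if not cert.not_before <= now <= cert.not_after:
            return False, "certificate outside validity period at validation time"
        if cert.revoked_at is not None and cert.revoked_at <= now:
            return False, "certificate revoked"
        return True, "valid now"
    # Archived evidence: the time stamp must itself still be verifiable today.
    if now > ev.stamp_valid_until:
        return False, "time stamp expired without an additional time stamp"
    # Simplification of this model: the archived status must postdate the stamp.
    if not ev.status_good or ev.status_produced_at < ev.stamped_at:
        return False, "archived revocation evidence does not cover the signing time"
    if not cert.not_before <= ev.stamped_at <= cert.not_after:
        return False, "certificate outside validity period at stamped time"
    return True, "valid at stamped time"

# Constructed sample data using the dates from the question (day/month/year).
DSC = Cert(datetime(2017, 1, 1), datetime(2019, 1, 1))
SIGNED = datetime(2017, 6, 1)
EVIDENCE = Evidence(stamped_at=SIGNED, stamp_valid_until=datetime(2027, 6, 1),
                    status_good=True, status_produced_at=datetime(2017, 6, 2))

if __name__ == "__main__":
    for when in (datetime(2018, 6, 1), datetime(2020, 1, 1), datetime(2028, 1, 1)):
        print(when.date(), validate(DSC, when), validate(DSC, when, EVIDENCE))
```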

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
