Lab-08: PQC LTV Signatures
Long-Term Validation for Document Signing
Key Message: LTV bundles all proofs for offline verification in 2055. A signature is only as good as its proof chain.
Important distinction: Timestamping is necessary but not sufficient for long-term validation. A timestamp proves WHEN something was signed. LTV proves that all trust elements (certificates, revocation status, timestamps) were valid at that time — and bundles them for offline verification.
The Scenario
“We signed a 30-year contract today. In 2055, how will anyone verify this signature if our CA no longer exists?”
This is the Long-Term Validation (LTV) problem. A signature alone isn’t enough — you need proof that the certificate was valid at the time of signing.
The Problem
```
TODAY (2024)                        IN 30 YEARS (2054)
────────────                        ──────────────────

┌────────────────┐                  ┌────────────────┐
│ Contract.pdf   │                  │ Contract.pdf   │
│ + Signature    │                  │ + Signature    │
│                │                  │                │
│ Services:      │  ────────────►   │ Services:      │
│ ✓ CA online    │                  │ ❌ CA dissolved │
│ ✓ OCSP online  │                  │ ❌ OCSP down    │
│ ✓ Cert valid   │                  │ ❌ Cert expired │
└────────────────┘                  └────────────────┘

            How to verify the signature?
```

The Threat
```
┌──────────────────────────────────────────────────────────────────┐
│                                                                  │
│  "PERISHABLE" SIGNATURE: Dependency on external services         │
│                                                                  │
│                                                                  │
│    2024                  2034                  2054              │
│      │                     │                     │               │
│      │ Signature           │ Cert expired        │ Verification? │
│      │ created             │                     │               │
│      ▼                     ▼                     ▼               │
│                                                                  │
│  ┌───────┐             ┌───────┐             ┌───────┐           │
│  │  OK   │             │  ???  │             │  ???  │           │
│  └───────┘             └───────┘             └───────┘           │
│                                                                  │
│  To verify in 2054, you would need:                              │
│  - The certificate (expired)                                     │
│  - The OCSP response (service down)                              │
│  - The CA chain (company dissolved)                              │
│  - The timestamp (TSA migrated)                                  │
│                                                                  │
│  → IMPOSSIBLE without preparation                                │
│                                                                  │
└──────────────────────────────────────────────────────────────────┘
```

The Solution: LTV (Long-Term Validation)
Embed EVERYTHING needed in a self-sufficient bundle:
```
┌──────────────────────────────────────────────────────────────────┐
│                                                                  │
│  LTV BUNDLE: Self-sufficient verification package                │
│                                                                  │
│                                                                  │
│    ┌─────────────────────────────────────────────────────────┐   │
│    │  LTV Bundle                                             │   │
│    │  ──────────────                                         │   │
│    │                                                         │   │
│    │  1. Original document                                   │   │
│    │     └── contract.txt                                    │   │
│    │                                                         │   │
│    │  2. Signature                                           │   │
│    │     └── signature.p7s (ML-DSA CMS)                      │   │
│    │                                                         │   │
│    │  3. Timestamp                                           │   │
│    │     └── timestamp.tsr (proves WHEN it was signed)       │   │
│    │                                                         │   │
│    │  4. Certificate chain                                   │   │
│    │     └── chain.pem (signer + CA certs)                   │   │
│    │                                                         │   │
│    │  5. Manifest                                            │   │
│    │     └── manifest.json (metadata)                        │   │
│    │                                                         │   │
│    └─────────────────────────────────────────────────────────┘   │
│                                                                  │
│  VERIFICATION IN 2054:                                           │
│  ✓ Everything is embedded                                        │
│  ✓ No external dependencies                                      │
│  ✓ OFFLINE verification possible                                 │
│                                                                  │
└──────────────────────────────────────────────────────────────────┘
```

LTV Components
| Component | Role | Why Needed |
|---|---|---|
| Signature | Document authenticity | Proves WHO signed |
| Timestamp | Temporal proof | Proves WHEN it was signed |
| Certificate chain | Trust anchor | Allows tracing to root CA |
| Manifest | Metadata | Documents the bundle structure |
Note: In production-grade LTV (CAdES-LT/LTA, PAdES-LTV), OCSP responses and CRLs are also embedded to prove revocation status at signing time.
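The difference between "a timestamp exists" and "the chain was valid at that time" can be written as a small decision procedure. This is an added example, not code from the lab or from qpki: the `CertEvidence` model, the certificate lifetimes and the three result strings are assumptions made for illustration, and a full CAdES/PAdES validator also checks the TSA's own chain and the algorithms used.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class CertEvidence:
    """What a bundle can prove about one certificate (constructed model)."""
    name: str
    not_before: datetime
    not_after: datetime
    trust_anchor: bool = False             # roots are trusted by configuration
    has_revocation_proof: bool = False     # archived OCSP response or CRL?
    revoked_at: Optional[datetime] = None  # revocation time stated in that proof

def validate_at(chain, when, require_revocation_proof=True):
    """Judge every certificate at instant `when`, not at the verifier's clock."""
    unproven = None
    for cert in chain:
        if not cert.not_before <= when <= cert.not_after:
            return f"INVALID: {cert.name} outside its validity period"
        if cert.revoked_at is not None and cert.revoked_at <= when:
            return f"INVALID: {cert.name} revoked before signing"
        if (require_revocation_proof and not cert.trust_anchor
                and not cert.has_revocation_proof and unproven is None):
            unproven = cert.name
    return f"INDETERMINATE: no revocation proof for {unproven}" if unproven else "VALID"

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data. The signing date is the one in the lab's contract;
# the certificate lifetimes are assumptions made for this example.
SIGNED_AT = utc(2024, 12, 22)      # time asserted by the timestamp token
VERIFIER_CLOCK = utc(2055, 1, 1)

def sample_chain(has_revocation_proof, revoked_at=None):
    signer = CertEvidence("signer", utc(2024, 1, 1), utc(2027, 1, 1),
                          has_revocation_proof=has_revocation_proof, revoked_at=revoked_at)
    root = CertEvidence("root CA", utc(2024, 1, 1), utc(2034, 1, 1), trust_anchor=True)
    return [signer, root]

if __name__ == "__main__":
    print(validate_at(sample_chain(True), VERIFIER_CLOCK))  # judged by the 2055 clock
    print(validate_at(sample_chain(True), SIGNED_AT))       # judged at signing time
    print(validate_at(sample_chain(False), SIGNED_AT))      # bundle without OCSP/CRL
```

A bundle without archived OCSP responses or CRLs, like the four-component one in the table above, only passes when `require_revocation_proof` is switched off.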
What We’ll Do
1. Create a CA for document signing
   - 1b. Issue TSA certificate
   - 1c. Issue signing certificate
2. Start TSA server
3. Create document
   - 3b. Sign document
   - 3c. Request a timestamp (via HTTP)
4. Create an LTV bundle
5. Verify offline (simulating 2055)
   - 2b. Stop TSA server
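The bundle diagram lists a `manifest.json`, so here is one way to produce it when the bundle is created and to re-check it before offline verification. This is an added example, not part of the lab's demo.sh or of qpki: the file names are the ones the lab's bundle step uses, while the manifest layout (`digest`, `files`, `sha256`) and the function names are assumptions.

```python
import hashlib
import json
from pathlib import Path

# File names are the ones the lab copies into output/ltv-bundle; the manifest
# layout (keys "digest", "files", "sha256") is an assumption of this example.
ROLES = {
    "document.txt": "original document",
    "signature.p7s": "CMS signature",
    "timestamp.tsr": "RFC 3161 timestamp response",
    "chain.pem": "certificate chain",
}

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def write_manifest(bundle_dir):
    """Refuse to describe an incomplete bundle, then record one digest per file."""
    bundle = Path(bundle_dir)
    missing = [name for name in ROLES if not (bundle / name).is_file()]
    if missing:
        raise FileNotFoundError(f"bundle incomplete, missing: {missing}")
    files = [{"name": name, "role": role, "sha256": sha256_file(bundle / name)}
             for name, role in ROLES.items()]
    manifest = {"digest": "sha256", "files": files}
    (bundle / "manifest.json").write_text(json.dumps(manifest, indent=2) + "\n")
    return manifest

def check_manifest(bundle_dir):
    """Return a list of problems; an empty list means the archived files are intact."""
    bundle = Path(bundle_dir)
    manifest = json.loads((bundle / "manifest.json").read_text())
    listed = {entry["name"] for entry in manifest["files"]}
    problems = [f"not listed: {name}" for name in ROLES if name not in listed]
    for entry in manifest["files"]:
        name = entry["name"]
        if Path(name).name != name:            # reject paths that leave the bundle
            problems.append(f"unsafe name: {name}")
        elif not (bundle / name).is_file():
            problems.append(f"missing: {name}")
        elif sha256_file(bundle / name) != entry["sha256"]:
            problems.append(f"digest mismatch: {name}")
    return problems
```

The manifest is unsigned metadata: it catches missing or corrupted files after decades of storage, while authenticity still rests on the CMS signature and the timestamp.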
Run the Demo
```bash
./journey/08-ltv-signatures/demo.sh
```

The Commands
Step 1: Create CA
```bash
# Create PQC CA
qpki ca init --profile profiles/pqc-ca.yaml \
    --var cn="LTV Demo CA" \
    --ca-dir output/ltv-ca

qpki ca export --ca-dir output/ltv-ca --out output/ltv-ca/ca.crt
```

Step 1b: Issue TSA Certificate
```bash
# Generate TSA key and CSR
qpki csr gen --algorithm ml-dsa-65 \
    --keyout output/tsa.key \
    --cn "LTV Timestamp Authority" \
    --out output/tsa.csr

qpki cert issue --ca-dir output/ltv-ca \
    --profile profiles/pqc-tsa.yaml \
    --csr output/tsa.csr \
    --out output/tsa.crt
```

Step 2: Start TSA Server
```bash
# Start RFC 3161 HTTP timestamp server
qpki tsa serve --port 8318 \
    --cert output/tsa.crt \
    --key output/tsa.key
```

Step 1c: Issue Signing Certificate
```bash
# Generate document signing key and CSR (Alice)
qpki csr gen --algorithm ml-dsa-65 \
    --keyout output/alice.key \
    --cn "Alice (Legal Counsel)" \
    --out output/alice.csr

qpki cert issue --ca-dir output/ltv-ca \
    --profile profiles/pqc-document-signing.yaml \
    --csr output/alice.csr \
    --out output/alice.crt
```

Step 3: Create Document
```bash
# Create a 30-year lease agreement
cat > output/contract.txt << 'EOF'
30-YEAR COMMERCIAL LEASE AGREEMENT
Signing Date: 2024-12-22
Expiration: 2054-12-22
Parties: ACME Properties / TechCorp Industries
EOF
```

Step 3b: Sign Document
```bash
qpki cms sign --data output/contract.txt \
    --cert output/alice.crt \
    --key output/alice.key \
    --out output/contract.p7s
```

Step 3c: Request Timestamp (via HTTP)
```bash
# Create timestamp request
qpki tsa request --data output/contract.p7s \
    --out output/request.tsq

curl -s -X POST \
    -H "Content-Type: application/timestamp-query" \
    --data-binary @output/request.tsq \
    http://localhost:8318/ \
    -o output/contract.tsr
```

Step 4: Create LTV Bundle
```bash
# LTV Bundle contains everything needed for offline verification:
# - document.txt: original content
# - signature.p7s: proves WHO signed
# - timestamp.tsr: proves WHEN signed
# - chain.pem: proves trust path (signer → CA)
mkdir -p output/ltv-bundle
cp output/contract.txt output/ltv-bundle/document.txt
cp output/contract.p7s output/ltv-bundle/signature.p7s
cp output/contract.tsr output/ltv-bundle/timestamp.tsr
cat output/alice.crt output/ltv-ca/ca.crt > output/ltv-bundle/chain.pem
```

Step 5: Verify Offline (Simulating 2055)
```bash
# Verify using only the bundle (no network)
qpki cms verify output/ltv-bundle/signature.p7s \
    --data output/ltv-bundle/document.txt \
    --ca output/ltv-bundle/chain.pem
# Result: VALID - signature verified with bundled chain
```

Step 2b: Stop TSA Server
```bash
# Stop the TSA server
qpki tsa stop --port 8318
```

PAdES-LTV Format (PDF)
For PDF documents, LTV data is stored in a Document Security Store (DSS):
```
PDF Document with LTV
─────────────────────

┌─────────────────────────────────────────────────────────────┐
│  PDF Document                                               │
│  ├── Page 1, 2, 3...                                        │
│  │                                                          │
│  └── DSS (Document Security Store)                          │
│      ├── Certs[]                                            │
│      │   ├── signing-cert.der                               │
│      │   ├── issuing-ca.der                                 │
│      │   ├── root-ca.der                                    │
│      │   └── tsa-cert.der                                   │
│      │                                                      │
│      ├── OCSPs[]                                            │
│      │   └── ocsp-response.der                              │
│      │                                                      │
│      └── CRLs[]                                             │
│          └── ca.crl (optional)                              │
│                                                             │
└─────────────────────────────────────────────────────────────┘
```

Why PQC for LTV
The 30-Year Timeline Problem
```
2024                     2035?                    2054
  │                        │                        │
  │  Sign document         │  Quantum computers     │  Verify signature
  │  with ML-DSA           │  break RSA/ECDSA       │
  │                        │                        │
  ▼                        ▼                        ▼

Classical signature:     FORGEABLE!               Cannot trust
ML-DSA signature:        Still secure             ✓ VERIFIED
```

Long-Term Document Retention
| Document Type | Retention Period | PQC Required? |
|---|---|---|
| Legal contracts | 10-30 years | Yes |
| Medical records | 50+ years | Yes |
| Real estate deeds | Permanent | Yes |
| Notarial acts | 75 years | Yes |
| Financial audits | 7-10 years | Yes |
| Patents | 20+ years | Yes |
What You Learned
- Signatures expire: Without LTV, signatures become unverifiable
- LTV bundles proofs: Document + signature + timestamp + chain
- Offline verification: No network dependencies in 2055
- PQC is essential: 30-year documents will face quantum computers
References
- RFC 5126: CMS Advanced Electronic Signatures (CAdES)
- ETSI TS 101 733: Electronic Signatures
- PAdES: PDF Advanced Electronic Signatures
- NIST FIPS 204: ML-DSA Standard