How long is an electronic signature valid?

The validity of an electronic signature depends on the document format, security level, and certificate validity. This article explains what determines this and how to ensure long-term validity for signed documents. 

Electronic signatures by format and security levels 

Electronic signatures are divided into three main formats: XAdES, PAdES, and CAdES. These formats are adapted for different types of electronic documents, which may be international or used only in specific countries. 

For example, there are country-specific document formats such as: 

  • ADoc – Lithuania; 
  • EDoc – Latvia;
  • BDoc – Estonia.

There are also standardized formats used across the European Union, such as ASiCe and PDF. Each document format has a corresponding signature format: 

  • XAdES signatures are typically used in XML-based formats such as ASiCe, ADoc, BDoc, and EDoc;
  • PAdES signatures are used for PDF documents. 

Security levels of electronic signatures 

Electronic signatures are divided into security levels – from basic to advanced. Below are the levels from the lowest (3) to the highest (1.1.): 

Level 3 (“XAdES-B”, “PAdES-B”) – Basic electronic signature 

This is a basic signature variant without additional protection measures. 

Validity: until the certificate expires or is revoked. 

Important: Certificates may be revoked due to surname changes, loss of the signature device, security breaches, etc. 

Level 2 (“XAdES-T”, “PAdES-T”) – With timestamp 

A timestamp is added to the signature, indicating the exact signing time. 

Validity: until the timestamp certificate expires. 

Important: A timestamp proves that the signature was valid at the time of signing, meaning it can remain valid even if the certificate is later revoked. 

Level 1 (“XAdES-LT/XL”, “PAdES-LT”) – With long-term data 

The signature includes certificate revocation information (CRL, OCSP), allowing the signature to be verified even if the original sources are unavailable. 

Validity: until the timestamp certificate expires or until the hashing algorithm used becomes insecure (e.g., SHA-1). 

What is a weakened algorithm? 

It is an algorithm that has become unreliable in terms of security. Weak algorithms can allow signatures to be forged or previously signed documents to be altered. 

Level 1.1. (“XAdES-LTA/A”, “PAdES-LTA”) – With archival time stamp 

This is the same as Level 1 but with additional archival time stamps. 

Validity: until the archival time stamp certificate expires or until the hashing algorithm used becomes insecure (e.g., SHA-1). 

When using marksign.eu, your documents are protected with Level 1 security by default. For ADoc documents, Level 2 security (signature with a timestamp) is applied by default. The validity period of the signature is 5 years. 

If you need to extend the signature validity beyond 5 years or upgrade the signature to Level 1.1., we recommend contacting a qualified long-term preservation service provider. You can find a complete list of such providers here
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.