SignBox supports three electronic signature formats. The signature levels (BES, T, LTV, LTVA) are the same across all formats, with one exception: LTVLITE is available only for PAdES.
| Format | Document type | Levels |
|---|---|---|
| PAdES | PDF documents | BES, T, LTV, LTVLITE, LTVA |
| CAdES | Binary data (detached, enveloped) | BES, T, LTV, LTVA |
| XAdES | XML documents | BES, T, LTV, LTVA |
PAdES is the ETSI standard for signing PDF documents. Use PAdES when signing PDF files. It supports all five levels, including LTVLITE.
CAdES uses the CMS (Cryptographic Message Syntax) format for signing binary data. Use CAdES for detached or enveloped signatures on any type of file (documents, images, etc.). It supports BES, T, LTV, and LTVA.
XAdES is the ETSI standard for signing XML documents. Use XAdES when signing XML data, SOAP messages, or XML-based documents. It supports BES, T, LTV, and LTVA.
The following levels apply across PAdES, CAdES, and XAdES, unless otherwise noted.
| Level | Rootstore required | Verification | Use case |
|---|---|---|---|
| BES | No | Online (OCSP/CRL) | Basic signature, short-term |
| T | No | Online | Timestamp proves signing time |
| LTV | Yes | Offline | Long-term validation |
| LTVLITE | Yes | Offline | PAdES only; lighter LTV, smaller PDFs |
| LTVA | Yes | Offline | Long-term archival with document timestamps |
BES is the baseline level. It contains the core signature data. The signature is valid as long as the signing certificate is not expired or revoked.
When to use: Internal workflows, short-term documents, minimal file size.
Requirements: None. No rootstore configuration needed.
Level T adds a cryptographic timestamp token from a Trusted Timestamp Authority (TSA). The timestamp proves the document existed at a specific point in time.
When to use: When the exact signing time must be provable; non-repudiation requirements.
Requirements: TSA configuration. No rootstore for T alone.
LTV embeds all materials needed to validate the signature: signing certificates, timestamp certificates, and revocation data (CRL, OCSP responses). The signature can be verified offline, even when validation services are no longer available.
When to use: Documents that must remain legally valid for years or decades; regulatory compliance; archival.
Requirements: Rootstore configuration on the SignBox Optimizer.
LTVLITE provides long-term validation for PDFs with a lighter footprint than full LTV. It embeds validation data in a more compact form, resulting in smaller signed PDFs while enabling offline verification.
When to use: Long-term PDF validity with smaller file size; high-volume PDF signing.
Requirements: Rootstore configuration. Available only for PAdES.
LTVA extends LTV by adding document timestamps to the signature and validation material itself. This establishes evidence that validation materials existed at a specific time. Periodic document timestamps can extend validity even after certificates or algorithms expire.
When to use: Maximum long-term preservation; decades of archival; regulatory requirements for extended retention.
Requirements: Rootstore configuration.
| Level | PAdES | CAdES | XAdES | Rootstore |
|---|---|---|---|---|
| BES | Yes | Yes | Yes | No |
| T | Yes | Yes | Yes | No |
| LTV | Yes | Yes | Yes | Yes |
| LTVLITE | Yes | — | — | Yes |
| LTVA | Yes | Yes | Yes | Yes |
- LTV signatures — LTV and LTVLITE details, rootstore
- Rootstore configuration — Trust chain setup for LTV, LTVLITE, LTVA
- Signature appearance — Visual representation (PAdES)