Context
My common goal is to make the set of available PDF files so that users can be sure of the origin of the documents (i.e. they came from the source from which they should have come). I think about this when signing PDF files on the server. These signatures will not be at risk of expiration because the server can simply reissue new signed PDF files when renewing the certificate. Using SSL to work with documents will not be enough, because files can be transferred to third parties who do not want / do not need access to the server.
Problem
The expiration problem arises because some of these PDF files already have one or more digital signatures (for example, those created for legal purposes). My question is: if the server signs the PDF files, will it also ensure that the previous signatures continue to be valid even after their expiration date, if the last signature is valid?
I ask more about the theoretical side, although I plan to implement what I am describing using iText, so any pointers on how to use it for my purposes are also welcome.
source
share