Documents signed today must be legally valid in 2055. RSA won't survive that long. Neither will the CA that issued your signing certificate. ArchiveSign solves both problems — post-quantum signatures with embedded timestamps, certificate chains, and revocation snapshots that survive infrastructure decay.
Every capability is designed for documents that must remain legally verifiable for decades — long after the signing CA has disappeared and the original algorithms have been deprecated.
RSA and ECDSA signatures have a shelf life. Key lengths that are secure today will be breakable within 10–15 years. Single-algorithm signatures create a single point of failure: one cryptanalytic breakthrough invalidates every document you have ever signed.
Dual-sign every document with SLH-DSA (hash-based, stateless, NIST FIPS 205) and ML-DSA (lattice-based, FIPS 204). SHA3-256 + BLAKE3 dual hashing. If one algorithm family falls, the other holds. Batch mode: 500 documents per signing request.
NIST selected both SLH-DSA and ML-DSA because they rely on fundamentally different mathematical hardness assumptions. A lattice breakthrough does not affect hash-based signatures, and vice versa. Dual signing is the only architecture that survives an unknown future attack.
A signature proves who signed. It does not prove when. Without a trusted timestamp, an adversary who compromises a key can backdate forgeries. Commercial TSAs use RSA — their timestamps will be forgeable once quantum arrives. Most TSAs make no long-term storage commitment.
H33 operates its own RFC 3161-compliant Timestamp Authority. Every timestamp token is signed with Dilithium (ML-DSA). Tokens are stored indefinitely with a contractual 50-year availability commitment. The TSA itself is post-quantum from day one.
A timestamp is the anchor that makes long-term signatures possible. Without it, key compromise at any point in the future retroactively invalidates every signature. A Dilithium-signed timestamp is the only kind that survives a quantum adversary.
CAs disappear. OCSP responders go offline. CRL distribution points return 404. Within 10 years of signing, the infrastructure needed to validate a certificate chain often no longer exists. Your signature is technically valid but practically unverifiable.
ArchiveSign embeds the full certificate chain, OCSP responses, and CRL snapshots directly into the signature envelope at signing time. A key transparency log (append-only Merkle tree) records every certificate issuance. Verification requires zero external lookups.
ETSI long-term signature formats (PAdES-LTA, CAdES-A) require this. The entire validation context must travel with the document. If a verifier needs to contact an external server, the signature is not truly archival.
Standard signature verification checks one thing: does the math work? It does not check whether the timestamp is still trustworthy, whether the certificate chain is complete, whether the signing algorithm has been deprecated, or whether the signature will still be valid in 5 years.
Seven verification stages: (1) hash integrity, (2) timestamp validation, (3) certificate chain completeness, (4) revocation status, (5) algorithm health assessment, (6) projected validity window, and (7) temporal consistency across all embedded proofs. Returns a structured report, not just pass/fail.
A signature that passes hash verification but uses a deprecated algorithm is a ticking time bomb. The 7-stage verifier catches signatures that are technically valid today but will fail within a predictable window — giving you time to re-sign before it is too late.
Algorithms age. SHA-1 was deprecated. RSA-1024 is broken. Every archival signature will eventually need maintenance: new timestamps with stronger algorithms, algorithm upgrades, health assessments across millions of stored documents. Nobody does this today.
Automated re-timestamping when algorithm strength thresholds are crossed. Algorithm upgrade path that preserves the original signature chain while adding new layers. Bulk health assessment: scan 10,000 documents in a single API call and get a structured report of which signatures need attention.
A 50-year signature is not "set and forget." It requires active stewardship. The re-timestamping chain is what converts a 5-year algorithm into a 50-year signature. Without it, every archival promise is empty.
If the signing key is lost, stolen, or destroyed, every document signed with it becomes suspect. Single-custodian key storage is a single point of failure. Key escrow with a single third party just moves the risk.
Threshold cryptography splits signing keys across 2–5 independent agents. No single agent can sign or reconstruct the key alone. A key transparency log (append-only Merkle tree) records every key operation — issuance, rotation, escrow deposit, recovery — creating an immutable audit trail.
A signing key that lasts 50 years will outlive employees, departments, and possibly the organization that created it. Threshold cryptography ensures the key survives personnel changes, corporate restructuring, and custody disputes without ever existing in a single location.
Six capabilities, one cryptographic stack. Every component is shared across every supported format.
| Capability | H33 Component | Standard |
|---|---|---|
| Post-quantum signing | SLH-DSA + ML-DSA dual | FIPS 205 / 204 |
| Hash integrity | SHA3-256 + BLAKE3 dual | NIST / IETF |
| Timestamps | RFC 3161 TSA (Dilithium-signed) | RFC 3161 |
| Certificate chain | Full chain + OCSP + CRL embed | X.509 / RFC 6960 |
| Key management | Threshold escrow (2-of-5) | Shamir / Merkle log |
| Verification | 7-stage structured verifier | ETSI EN 319 102 |
| PDF signatures | PAdES-LTA envelope | ETSI EN 319 142 |
| XML signatures | XAdES-A envelope | ETSI EN 319 132 |
| CMS signatures | CAdES-A envelope | ETSI EN 319 122 |
| JSON signatures | JAdES envelope | ETSI TS 119 182 |
| Batch signing | 500 docs per request | <3s per signature |
| Maintenance | Re-timestamp + algo upgrade | 10K docs per scan |
Not a research prototype. Direct conformance with the frameworks that govern archival signatures in regulated industries.
Simple per-operation pricing. Signatures include dual PQ signing, timestamp embedding, and certificate chain snapshot. Re-timestamps and managed plans for organizations with large archives.
A law firm signing 200 contracts/month at $2/sig spends $400/month for 50-year post-quantum verifiability. A government agency archiving 50,000 records/year on the managed plan spends $5,000/month — less than one day of a records management consultant.
Sign a document with dual post-quantum algorithms. Watch the timestamp embed. Watch the certificate chain snapshot. Verify it with the 7-stage verifier. Every step is auditable. Every signature is built to outlast the infrastructure that created it.