We've found an excellent answer to this question on Stack Overflow
The last time I looked Adobe had not publicly defined what they mean by "LTV enabled" technically. Adobe's PDF evangelist Leonard Rosenthol gave this definition on the iText mailing list this January:
LTV enabled means that all information necessary to validate the file (minus root certs) is contained within.
which has been clarified as
the PDF is signed correctly and contains all necessary certificates, a valid CRL or OSCP response for every certificate [except for the root certificate]
"a valid CRL or OSCP response for every certificate" also includes signatures over CRLs and OCSPs., not just the signature certificate.
he pointed out quoting one of the Adobe engineers
LTV may be enabled when all collaterals are embedded in the signatures and not DSS (I just fixed a bug that did not handle this case correctly). In this case there may be no DSS. However, this is very unusual, because signatures over CRLs and OCSPs do not contain embedded rev info which is an Adobe extension. Yet, this is a distant possibility.
Now as far as adding LTV information with iText is concerned:
Using iText to add LTV information is an attempt to add such information to a signed document which misses the required information. Missing a concrete technical definition by Adobe to go by, though, this essentially is a best effort attempt, not something one can definitively claim to have done. It especially turned out that the interpretation of the specification of the DSS sections to add these information was inconsistent.
What is the connection between LTV and document timestamps?
Document time stamps and LTV information have initially been defined in the same PAdES specification part ETSI TS 102 778-4 and some ping-pong between them has been defined there:
Thus, it had been assumed sometimes that each time you add DSS you also have to add a document time stamp
. This in turn may give rise to some "chicken and egg" issues because the time stamp also relates to some certificate for which additional DSS information might be required.
As Leonard also wrote back in January on the topic of "DSS for LTV-enabled"
No timestamp (regular or document level) is required.
Thus, the question remains:
How do I make pdf LTV enabled without using timestamps?
Add validation information for all
involved certificates except root certificates, also including certificates used in the validation information. And whenever you time stamp, add validation information for the time stamp, too.