You missed the timing - release the signatures *immediately*, while the documents are still classified. Then, when declassifying the documents, the veracity of the document can be confirmed. Assuming of course that the signature algorithm was sufficiently secure that the agency couldn't create false matches. Though even if they could, there would probably be some suspicious anomalies in the resulting document as it was tweaked to match the original signature.
Of course, if they created the frauds immediately you would be absolutely correct, but in that case there's little point in them keeping the records at all.
But assuming they created the original signatures in good faith, they would prevent undetected tampering between that moment and the eventual declassification. Even if there were redacted portions, at least individuals with clearance to view the originals would be able to verify they weren't tampered with.
As for the "Declassified" stamp, I'm sure some method could be found to include that in a "wrapper" around the original file, or as an easily reversed insertion.