3-Heights™ PDF Security – encryption, decryption, signature creation & verification
The 3-Heights™ PDF Security component offers comprehensive functionality in two independent yet combinable areas: electronic signatures and encryption.
Add and validate PDF/A-conform signatures
Protect PDF documents against unauthorized access
Manage document revisions and include read-only annotations
PDF security - features
Apply simple, advanced, and qualified electronic signatures
- PDF/A conform signatures
- Support European Signature Norms
- Signature types
  - Document signatures to "digitally sign" documents
  - Modification detection & prevention (MDP) signatures to "certify" documents
  - Document time-stamp signatures to "time-stamp" documents
- Apply PAdES-B-LTA (long term availability and integrity of validation material) and PAdES-LTV (Long Term Validation) signatures
- Embedded trust chain, time-stamp and revocation information (OCSP, CRL)
- Extend the longevity of existing signatures
- Add signature validation material to the document security store (DSS)
- Add an optional visual appearance of the signature (page, size, color, position, text, background image, etc.)
- Cache OCSP, CRL, and other data for mass signing
- Various types of cryptographic providers
  - Windows certificate store
  - Hardware such as hardware security module (HSM), smart cards, and USB tokens
  - Online signature services
    - 3-Heights™ Signature Creation and Validation Service
    - SwissSign Digital Signing Service
    - SwissSign SuisseID Signing Service
    - QuoVadis sealsign
    - Swisscom All-in Signing Service
    - GlobalSign Digital Signing Service
  - Custom signature handler plugin interface
- Mass signing of documents
Extract digital signatures
- Validate digital signatures
- Remove digital signatures
- Extract signed version (revision) of document
Encrypt and decrypt PDF documents
- Set document restrictions, including:
  - Print document
  - Modify document content
  - Extract or copy content
  - Add comments
  - Fill in form fields
  - Content extraction for accessibility
  - Assemble documents
  - Print in high resolution
- Set crypt and stream filters
- Set encryption strength
- Set owner and user password
- Stamp text, images, or vector graphics
- Add hyperlinks
- PDF/A conform stamps
- Modify existing stamps
- Stamping of signed documents preserves existing signatures
Set document metadata
Optimize for the web (linearize)
Read input from and write output document to file, memory, or stream
- ISO 19005‑1 (PDF/A‑1)
- ISO 19005‑2 (PDF/A‑2)
- ISO 19005‑3 (PDF/A‑3)
- ISO 32000-1 (PDF 1.7)
- ISO 32000-2 (PDF 2.0)
- PDF 1.0 to 1.7
- PDF 2.0
- PDF/A-1, PDF/A-2, PDF/A-3
- PDF 1.0 to 1.7
- PDF 2.0
- PDF/A-1, PDF/A-2, PDF/A-3
Areas of use - advanced PDF security
Documents are signed prior to archiving; this increases conformance with audit requirements, for instance. A hardware security module can be used to handle large numbers of documents. Verification enables the authenticity and integrity of signed documents to be checked prior to archiving.
Verification of incoming signed PDF documents to ensure they have not been modified during transmission and were transmitted by an authenticated sender.
The component can encrypt and apply an electronic signature to PDF documents before they are sent, thus enabling the recipient to verify authenticity and integrity.
The 3‑Heights™ PDF Security component is quickly integrated in solutions without any need for extensive learning and programming.
Other areas of use
- Add encryption and/or digital signatures for PDF files to applications (client, server, web)
- Centralized signature service with HSM for mass signatures in input/output management
- Workflow support systems (author, review, release, etc.)
- Client solutions (signature application software)
Checklist: how to create electronic signatures
- Identify whether an advanced or a qualified signature is required
- Acquire a corresponding certificate from a CA
- Set up and configure the certificate’s cryptographic provider
- Identify regulatory requirements regarding the content and life cycle of the signature
- Optional: Acquire access to a trusted time server (TSA)
- Optional: Ensure your input documents conform to the PDF/A standard
Application of the signature
Apply the signature by providing the following information:
- The cryptographic provider where the certificate is located
- Values for the selection of the signing certificate
- Optional: Time-stamp service URL
- Optional: Time-stamp service credentials
- Optional: Add validation information
- Optional: Visual appearance of the signature on a page of the document
Applying an electronic signature guarantees the authenticity and integrity of documents, both of which are important requirements in electronic data exchange. Depending on the characteristics of the signature and the country it is used in, an electronic signature can be equivalent to signing a document by hand. Electronic signatures offer advantages with regard to the speed, security and automation of business correspondence.
The 3-Heights™ PDF Security component is able to apply various types of electronic signature (simple, advanced and qualified). The component’s benefits include PDF/A conformity, embedding information on the validity of certificates (OCSP, CRL), time stamps and compatibility with signature hardware (HSM) for mass signature applications. The component can verify existing signatures by checking their integrity.
PDF documents used in professional circumstances contain important information that needs to be protected against unauthorized access and unintentional alteration. This is achieved by protecting PDF documents through encryption and user permission flags.
Digitally signing PDF/A documents via HSM at Swiss Mobiliar Insurance
The decision to use 3-Heights™ PDF Security was based on the functional range of the product, the ability to integrate it into the Mobiliar’s applications and IT infrastructure, and additionally the extremely promising functional and performance tests. The Java interface that encapsulates the signature function and is responsible for communicating with HSM and the timestamp service is worthy of special mention. Through it, the required signature functionality can be achieved in the application with minimal footprint. The interoperability under Linux could be ensured together with support from PDF Tools AG.
Encryption of care reports at MEDICPROOF with 3‑Heights™ PDF Security component
The 3-Heights™ PDF Security solution is a tremendous help in ensuring the necessary data security. A stable data interface is also essential to achieving this. The performance meets our expectations, and the flexibility of the solution sets 3-Heights™ PDF Security apart from other solutions on the market.
Difference between an electronic signature and a digital signature
The term “digital signature” is used in legal contexts; its meaning is comparable with the expression “signed by hand”.
An “electronic signature”, on the other hand, refers to the technical implementation of a signature.
Furthermore, how these terms are interpreted differs between various countries.
There are various signature types:
- Document signature: Any user can apply a signature to a document
- Author’s signature (MDP): Only the document’s author is permitted to sign the document
- Qualified signature: A signature that is guaranteed through the use of hardware such as a USB key or smart card. The German identity card is an example of a qualified signature.
- Document time-stamp signature: A time-stamp signature provides evidence that the document existed at a specific time. Furthermore, the time-stamp proves the document’s integrity, i.e. that the document has not been modified.
Advantages of digital signatures in comparison to manual signatures
Processes in which large numbers of documents need to be signed or where the signees are in different locations can take days to complete. Digital signatures can drastically reduce this time span.
Unlike a manual signature, a digital signature has more than just legal implications. It offers the additional option to programmatically verify the authenticity and integrity of a document and the time at which it was signed.
Requirements and legislation
Certain processes have specific requirements concerning the exchange of documents. In some countries (e.g. Germany and Switzerland) applying a qualified electronic signature is equivalent to signing a document by hand.
Further information about PDF security, encryption and digital signatures
- White paper: Digital signatures from the cloud - Basics and Applications
- PDF expert blog: Using blockchains as an alternative to PKIs for digital signatures
- PDF expert blog: Digital signatures in PDF/A
- PDF expert blog: Utility to simplify the import of certificates and private keys into a PKCS#11 cryptographic token (HSM)