HomeProducts PDF Security

3-Heights® PDF Security - PDF encryption, decryption, signature creation & verification in C#, Java or Batch

3-Heights® PDF Security offers comprehensive functionality in two independent yet combinable areas: Electronic signatures and encryption. Protect your PDF documents using password protection with 256 bit AES encryption. Use digital signatures to ensure authenticity and integrity of your PDF documents. 3-Heights® PDF Security is available as shell tool for batch processing with the command line and as API to be integrated with C#, Visual Basic, Java, C/C++.

PDF/A Compliant Digital Signature

Add and validate digital signatures

Encrypt PDF Documents

Protect PDF documents against unauthorized access

Stamp PDF Documents

Manage document revisions and include read-only stamps as text or image


Encryption of care reports at MEDICPROOF with 3‑Heights® PDF Security component

Almost 1,000 freelance assessors ensure that MEDICPROOF creates more than 130,000 care reports each year for private insurance companies. Handling health data requires a very high level of security. MEDICPROOF therefore needed a tool that could support the secure encryption of PDF files.

Digitally signing of PDF/A documents via HSM at Swiss Mobiliar Insurance

Insurance requests (around 2.5 million pages per year) should in the future be converted to digitally-signed PDF/A conforming documents before they are archived. The scanned documents should be signed and stamped with an official timestamp.
Product illustration 3-Heights® PDF Security

PDF Security - Features

Apply simple, advanced, and qualified electronic signatures

  • PDF/A conform signatures
  • Support European Signature Norms
  • Signature types
    • Document signatures to "digitally sign" documents
    • Modification detection & prevention (MDP) signatures to "certify" documents
    • Document time-stamp signatures to "time-stamp" documents
  • Apply PAdES-B-LTA (long term availability and integrity of validation material) and PAdES-LTV (Long Term Validation) signatures
    • Embedded trust chain, time-stamp and revocation information (OCSP, CRL)
    • Enlarge the longevity of existing signatures Add signature validation material to the document security store (DSS)
    • Add an optional visual appearance of the signature (page, size, color, position, text, background image, etc.)
  • Cache OCSP, CRL, and other data for mass signing
  • Various types of cryptographic providers
    • Windows certificate store
    • Hardware such as hardware security module (HSM), smart cards, and USB tokens
    • Online signature services
      • QuoVadis sealsign
      • Swisscom All-in Signing Service
      • GlobalSign Digital Signing Service
  • Custom signature handler plugin interface
  • Mass signing of documents (API)
  • Multiple Signatures

Extract digital signatures

  • Validate digital signatures
  • Remove digital signatures
  • Extract signed version (revision) of document

Encrypt and decrypt PDF documents

  • Set document restrictions, including:
    • Print document
    • Modify document content
    • Extract or copy content
    • Add comments
    • Fill in form fields
    • Content extraction for accessibility
    • Assemble documents
    • Print in high resolution
  • Set crypt and stream filters
  • Set encryption strength
  • Set owner and user password


  • Stamp text, images, or vector graphics
  • Add hyperlinks
  • PDF/A conform stamps
  • Modify existing stamps
  • Stamping of signed documents preserves existing signatures

Set document metadata

Optimize for the web (linearize)

Read input from and write output document to file, memory, or stream


  • Standards:
    • ISO 32000-1 (PDF 1.7)
    • ISO 32000-2 (PDF 2.0)
    • ISO 19005‑1 (PDF/A‑1)
    • ISO 19005‑2 (PDF/A‑2)
    • ISO 19005‑3 (PDF/A‑3)
  • PAdES (ETSI EN 319 142) signature levels B-B, B-T, B-LT, B-LTA, CMS
  • Legacy PAdES baseline signature (ETSI TS 103 172) B-Level and T-Level
  • Legacy PAdES (ETSI TS 102 778) Part2 (PAdES Basic), Part3 (PAdES-BES), and Part4 (PAdES-LTV, Long Term Validation)
  • Long term signature profiles for PAdES (ISO 14533-3)
  • Cryptographic Suites (ETSI TS 119 312)
Powered by 3‑Heights® TechnologyPDF/A compliant

Supported formats

Input formats

  • PDF 1.0 to 1.7
  • PDF 2.0
  • PDF/A-1, PDF/A-2, PDF/A-3

Output formats

  • PDF 1.0 to 1.7
  • PDF 2.0
  • PDF/A-1, PDF/A-2, PDF/A-3

Areas of use - advanced PDF security

Document archiving

Documents are signed prior to archiving; this increases conformance with audit requirements, for instance. A hardware security module can be used to handle large numbers of documents. Verification enables the authenticity and integrity of signed documents to be checked prior to archiving.

Incoming mail

Verification of incoming signed PDF documents to ensure they have not been modified during transmission and were transmitted by an authenticated sender.

Outgoing mail

The component can encrypt and apply an electronic signature to PDF documents before they are sent, thus enabling the recipient to verify authenticity and integrity.

Software manufacturers/OEM

The 3‑Heights™ PDF Security component is quickly integrated in solutions without any need for extensive learning and programming.

Other areas of use

  • Add encryption and/or digital signatures for PDF files to applications (client, server, web)
  • Centralized signature service with HSM for mass signatures in input/output management
  • Workflow support systems (author, review, release, etc.)
  • Client solutions (signature application software)
  • e‑books
Contact us

Sign a PDF using DigiCert-QuoVadis sealsign

Add a digital signature to a PDF document. Use the DigiCert-QuoVadis sealsign service to create the signature. Set different mandatory properties such as the account ID, the password to access the account, the client ID and the PIN code to activate the signing key.

C# sample:
// Create secure object
using (Secure secure = new Secure())
    // Open input file
    if (!secure.Open(inputPath, ""))
        throw new Exception(String.Format("Input file {0} cannot be opened. " + 
            "{1} (ErrorCode: 0x{2:x}).", inputPath, secure.ErrorMessage, secure.ErrorCode));

    // Required: unique name of the accountspecified on the server.
    secure.SetSessionPropertyString("Identity", "Rigora");
    // Required: identifies the signature specifications by a unique name.
    secure.SetSessionPropertyString("Profile", "Default");
    // Required: password which secures the access to the account.
    secure.SetSessionPropertyString("secret", "NeE=EKEd33FeCk70");
    // Required: helps to separate access and to create better statistics.
    secure.SetSessionPropertyString("clientId", "3949-4929-3179-2818");
    // Required: activates the signing key.
    secure.SetSessionPropertyString("pin", "123456");
    // Optional: default value "SHA-256"
    secure.SetSessionPropertyString("MessageDigestAlgorithm", "SHA-256");

    // Begin session using DigiCert-QuoVadis Sealsign (demo version)
    if (!secure.BeginSession(@"https://services.sealsignportal.com/sealsign/ws/BrokerClient"))
        throw new Exception(String.Format("Unable to establish connection to DigiCert-QuoVadis Sealsign. " +
            "{0} (ErrorCode: 0x{1:x}).", secure.ErrorMessage, secure.ErrorCode));

    // Add signature
    using (Signature signature = new Signature())
        // Required, name of the signer
        signature.Name = "Rigora";

    // Sign document
    if (!secure.SaveAs(outputPath, "", "", PDFPermission.ePermNoEncryption, 0, "", ""))
        throw new Exception(String.Format("Unable to sign document {0}. {1} (ErrorCode: 0x{2:x}).", 
            outputPath, secure.ErrorMessage, secure.ErrorCode));

    // Cleanup
C# sample:

Checklist how to create electronic signatures

Preparation steps for example:

  • Identify whether an advanced or a qualified signature is required
  • Acquire a corresponding certificate from a CA
  • Setup and configure the certificate’s cryptographic provider
  • Identify regulatory requirements regarding the content and life cycle of the signature
  • Optional: Acquire access to a trusted time server (TSA)
  • Optional: Ensure your input documents conform to the PDF/A standard

Application of the signature for example:

Apply the signature by providing the following information:

  • The cryptographic provider where the certificate is located
  • Values for the selection of the signing certificate
  • Optional: Time-stamp service URL
  • Optional: Time-stamp service credentials
  • Optional: Add validation information
  • Optional: Visual appearance of the signature on a page of the document

Difference between an electronic signature and a digital signature

The term “digital signature” is used in legal contexts; its meaning is comparable with the expression “signed by hand”.

An “electronic signature”, on the other hand, refers to the technical implementation of a signature.

Furthermore, how these terms are interpreted differs between various countries.

Signature types

There are various signature types:

  • Document signature: Any user can apply a signature to a document
  • Author’s signature (MDP): Only the document’s author is permitted to sign the document
  • Qualified signature: A signature that is guaranteed through the use of hardware such as a USB key or smart card. The German identity card is an example of a qualified signature.
  • Document Time-stamp signature: A time-stamp signature provides evidence, that the document existed at a specific time. Furthermore, the time-stamp proves the document’s integrity, i.e. that the document has not been modified.

Advantages of digital signatures in comparison to manual signatures


Processes in which large numbers of documents need to be signed or where the signees are in different locations can take days to complete. Digital signatures can drastically reduce this time span.


Unlike a manual signature, a digital signature has more than just legal implications. It offers the additional option to programmatically verify the authenticity and integrity of a document and the time at which it was signed.

Requirements and legislation

Certain processes have specific requirements concerning the exchange of documents. In some countries (e. g. Germany and Switzerland) applying a qualified electronic signature is equivalent to signing a document by hand.