3-Heights™ PDF Security – encryption, decryption, signature creation & verification

The 3-Heights™ PDF Security component offers comprehensive functionality in two independent yet combinable areas: Electronic signatures and encryption.

Electronic signatures

Applying an electronic signature guarantees the authenticity and integrity of documents, both of which are important requirements in electronic data exchange. Depending on the characteristics of the signature and the country it is used in, an electronic signature can be equivalent to signing a document by hand. Electronic signatures offer advantages with regard to the speed, security and automation of business correspondence.

The 3-Heights™ PDF Security component is able to apply various types of electronic signature (simple, advanced and qualified). The component’s benefits include PDF/A conformity, embedding information on the validity of certificates (OCSP, CRL), time stamps and compatibility with signature hardware (HSM) for mass signature applications. The component can verify existing signatures by checking their integrity.


PDF documents used in professional circumstances contain important information that needs to be protected against unauthorized access and unintentional alteration. This is achieved by protecting PDF documents through encryption and user permission flags.

Product illustration 3-Heights™ PDF Security

Properties and benefits

This component is characterized by its high performance and a comprehensive range of services. It efficiently encrypts and signs even large numbers of PDF documents. Advanced and qualified electronic signatures (QES) guarantee the authenticity and integrity of documents whilst improving the quality of archived documents and increasing the security of business processes.

Document authorization can be defined by applying an author’s signature (MDP) or setting permission flags.

Performance characteristics

  • PDF/A compliant signature
  • Embedding of cryptographic time stamps (TSP)
  • Embedding of Online Certificate Status Protocols (OCSP)
  • Embedding of Certificate Revocation Lists (CRL)
  • Cryptographic Service Provider (CSP) interface
  • Supports Windows Certificate Store
  • PKCS#11 interface for connecting a hardware security module (HSM)
  • Hardware Token Session Support –> unique PIN input for batch signing
  • Programmatic PIN transfer for advanced signatures, e. g. corporate certificates
  • Revocation information caching for efficiently signing large numbers of documents
  • Platform independent

Electronic signatures

  • Application of compliant signatures to PDF/A documents
  • Verification of signatures in a PDF document
  • Simple, advanced and qualified electronic signatures
  • Long-term signatures with embedded trust chain, time stamp and verification information on certificate validity
Functionality graphic 3-Heights™ PDF Security
  • Support for mass signature devices (HSM) via PKCS#11
  • Author’s signature (MDP)
  • Listing and restoring revisions
  • Invisible and visible signatures and design functions for visible signatures


  • Protect PDF files against unauthorized access
  • Encrypt and decrypt PDF documents with owner and user passwords
  • Set document permission flags

    • Read
    • Print
    • Extract
    • Annotate, sign
    • Change
    • etc.

  • Set encryption filters (none, RC4, AES)
  • Set encryption key length (40 … 128 bit)
  • Decrypt including AES V3 (256 bit)


Documents are signed prior to archiving; this increases compliance with audit requirements, for instance. A hardware security module can be used to handle large numbers of documents. Verification enables the authenticity and integrity of signed documents to be checked prior to archiving.

Incoming mail

Verification of incoming signed PDF documents to ensure they have not been modified during transmission and were transmitted by an authenticated sender.

Outgoing mail

The component can encrypt and apply an electronic signature to PDF documents before they are sent, thus enabling the recipient to verify authenticity and integrity.

Software manufacturers/OEM

The 3‑Heights™ PDF Security component is quickly integrated in solutions without any need for extensive learning and programming.

Other areas of use

  • Add encryption and/or digital signatures for PDF files to applications (client, server, web)
  • Centralized signature service with HSM for mass signatures in input/output management
  • Workflow support systems (author, review, release, etc.)
  • Client solutions (signature application software)
  • e‑books

Input formats

  • PDF
  • PDF/A

Output formats

  • PDF
  • PDF/A (if input format is already PDF/A)


  • Standards:

    • ISO 19005‑1 (PDF/A‑1)
    • ISO 19005‑2 (PDF/A‑2)
    • ISO 19005‑3 (PDF/A‑3)
    • ISO 32000 (PDF 1.7)

  • PAdES

Operating Systems

  • Windows Vista, 7, 8, 8.1, 10 - 32 & 64 bit
  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 – 32 & 64 bit
  • HP‑UX 11i incl. ia64 (Itanium) - 64 bit
  • IBM AIX 6.1 - 64 bit
  • macOS 10.4 - 32 & 64 bit
  • Linux 2.4 & 2.6 - 32 & 64 bit
  • Oracle Solaris 10, SPARC & Intel
  • HP-UX 11, PA-RISC2.0 - 32 bit


  • API: C, Java, .NET, COM

Programming languages

All program libraries are written in efficient and thread-safe C++. API offers a selection of the following connections to programming languages:

  • C and C++ via native C
  • C#, VB .NET, J# via .NET
  • Java via JNI
  • MS Visual Basic, Borland Delphi, MS Office products such as Access and C++ via COM

Product Variants

  • Shell tool (command line)
  • API (programming interface)
  • Windows service (monitored directories)

Difference between an electronic signature and a digital signature

The term “digital signature” is used in legal contexts; its meaning is comparable with the expression “signed by hand”.

An “electronic signature”, on the other hand, refers to the technical implementation of a signature.

Furthermore, how these terms are interpreted differs between various countries.

Signature types

There are various signature types:

  • Document signature: Any user can apply a signature to a document.
  • Author’s signature (MDP): Only the document’s author is permitted to sign the document.
  • Qualified signature: A signature that is guaranteed through the use of hardware such as a USB key or smart card. The German identity card is an example of a qualified signature.

Advantages of digital signatures in comparison to manual signatures


Processes in which large numbers of documents need to be signed or where the signees are in different locations can take days to complete. Digital signatures can drastically reduce this time span.


Unlike a manual signature, a digital signature has more than just legal implications. It offers the additional option to programmatically verify the authenticity and integrity of a document and the time at which it was signed.

Requirements and legislation

Certain processes have specific requirements concerning the exchange of documents. In some countries (e. g. Germany and Switzerland) applying a qualified electronic signature is equivalent to signing a document by hand.

References 3-Heights™ PDF Security