83
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 2/69
6
User’s Guide ....................................................................... 19
6.1
Process Description .................................................................. 19
6.1.1
Conversion Steps ................................................................ 20
6.1.2
Conversion Errors ............................................................... 20
6.1.3
Post Analysis ................................................................... 21
6.2
What is PDF/A? ..................................................................... 21
6.2.1
PDF/A-1 ....................................................................... 21
6.2.2
What is the difference between PDF/A-1b and PDF/A-1a? ............................... 22
6.2.3
PDF/A-2 ....................................................................... 22
6.2.4
PDF/A-3 ....................................................................... 22
6.3
Color Spaces ....................................................................... 22
6.3.1
Colors in PDF ................................................................... 22
ICC Color Profiles ............................................................ 23
PDF/A Requirements ......................................................... 23
6.4
Fonts ............................................................................. 24
6.4.1
Font Directories ................................................................. 24
6.4.2
Font Configuration File fonts.ini .................................................... 24
6.5
Cryptographic Provider ............................................................... 25
6.5.1
PKCS#11 Provider ............................................................... 26
Configuration .............................................................. 26
Interoperability Support ...................................................... 26
Selecting a Certificate for Signing .............................................. 27
Using PKCS#11 stores with missing issuer certificates .............................. 27
6.5.2
Windows Cryptographic Provider ................................................... 27
Configuration .............................................................. 28
Selecting a Certificate for Signing .............................................. 29
Certificates ................................................................. 29
Qualified Certificates ......................................................... 32
6.5.3
3-Heights™ Signature Creation and Validation Service .................................. 32
Configuration .............................................................. 33
Selecting a Certificate for Signing .............................................. 33
6.5.4
SwissSign Personal Signing Service ................................................. 33
6.5.5
SwissSign SuisseID Signing Service ................................................. 34
6.5.6
QuoVadis sealsign ............................................................... 36
6.5.7
Swisscom All-in Signing Service .................................................... 37
General Properties ........................................................... 37
Provider Session Properties ................................................... 38
On-Demand Certificates ...................................................... 38
Step-Up Authorization using Mobile-ID .......................................... 38
6.6
How to Create Digital Signatures ....................................................... 39
6.6.1
How to Create a PAdES LTV Signature ............................................... 39
6.6.2
How to Create a Visual Appearance of a Signature ..................................... 39
How to Create an Invisible Signature ............................................ 40
How to Create a Visual Appearance ............................................. 40
6.6.3
Miscellaneous .................................................................. 40
Caching of CRLs, OCSP and TSP Reponses ........................................ 40
How to Use a Proxy .......................................................... 41
Configuration of Proxy Server and Firewall ....................................... 41
6.7
How to Validate Digital Signatures ...................................................... 42
6.7.1
Validation of a Qualified Electronic Signature ......................................... 42
Trust Chain ................................................................. 42
Revocation Information ...................................................... 43
127
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 3/69
Time-stamp ................................................................ 43
6.7.2
Validation of a PAdES LTV Signature ................................................. 44
Trust Chain ................................................................. 44
Revocation information ...................................................... 44
Time-stamp ................................................................ 45
LTV expiration date .......................................................... 45
Other PAdES Requirements .................................................... 45
7
Reference Manual .................................................................. 45
7.1
Service Control Commands ........................................................... 45
7.1.1
-a
Pause Service ............................................................... 45
7.1.2
-c
Create Service ............................................................... 45
7.1.3
-d
Delete Service ............................................................... 46
7.1.4
-i
List the Usage ............................................................... 46
7.1.5
-o
Continue Service ............................................................ 46
7.1.6
-q
Query Current Status of Service ................................................. 46
7.1.7
-s
Start Service ................................................................ 47
7.1.8
-t
Stop Service ................................................................ 47
7.1.9
-x
Run as Executable ........................................................... 47
7.2
Configuration Options ............................................................... 47
7.2.1
Configuration File Pdf2PdfSvr.ini ................................................... 47
Autodelete of Successfully Processed Files ....................................... 48
Job Number Prefix ........................................................... 48
Logpath ................................................................... 49
Polling Interval .............................................................. 49
7.2.2
-wfi
Ignore files with certain extensions ........................................... 49
7.2.3
-wfs
Process only files with certain extensions ...................................... 50
7.2.4
-wd
Set the Drop-In Folder ....................................................... 50
7.2.5
-w
Set the Watched Folder ....................................................... 50
7.3
General Settings .................................................................... 51
7.3.1
-af
Add associated file .......................................................... 51
7.3.2
-ef
Add embedded file ......................................................... 51
7.3.3
-ax
Add XMP Metadata ......................................................... 51
7.3.4
-ma
Analyze the Input File ....................................................... 51
7.3.5
-cff
Embed Type 1 Fonts as CFF .................................................. 52
7.3.6
-mc
Force Conversion even if there are Analysis Errors ................................. 52
7.3.7
-q
Image Quality ............................................................... 52
7.3.8
-cem
Mask Conversion Errors ..................................................... 53
7.3.9
-ow
Optimize for the Web ........................................................ 54
7.3.10
-mp
Post-Analyze the Result ...................................................... 54
7.3.11
-p
Read an Encrypted PDF File .................................................... 55
7.3.12
-rd
Report Conformance Violations in Detail ........................................ 55
7.3.13
-rs
Report Conformance Violations Summary ....................................... 55
7.3.14
-cl
Set Conformance ........................................................... 56
7.3.15
-fd
Set font directory ........................................................... 56
7.3.16
-uf
Update the fonts’ Unicodes ................................................... 56
7.4
Color Profiles ....................................................................... 57
7.4.1
-cs
ICC Profile for Device-Specific Color Spaces ...................................... 57
7.4.2
-oi
ICC Profile for Output Intent .................................................. 57
7.5
Digital Signatures ................................................................... 57
7.5.1
-abg
Signature Background Image ................................................ 57
7.5.2
-af1
Signature Font Name 1 ..................................................... 58
C# DICOM - How to Create Web Viewer Allow C#.NET users to save or print (convert) web DICOM file to TIFF or PDF file. public string mode; public string fid; protected void Page_Load(object
add password to pdf file without acrobat; add password to pdf without acrobat
119
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 4/69
7.5.3
-af2
Signature Font Name 2 ..................................................... 58
7.5.4
-ap
Signature Page Number ..................................................... 58
7.5.5
-ar
Signature Annotation Rectangle ............................................... 58
7.5.6
-at1
Signature Text 1 ........................................................... 59
7.5.7
-at2
Signature Text 2 ........................................................... 59
7.5.8
-cci
Signer contact info ........................................................ 59
7.5.9
-cfp
Certificate Fingerprint ...................................................... 59
7.5.10
-ci
Certificate Issuer ............................................................ 59
7.5.11
-cn
Certificate Name (Subject) .................................................... 60
7.5.12
-cno
Certificate Serial Number ................................................... 60
7.5.13
-co
Do not Embed Revocation Information ......................................... 60
7.5.14
-cp
Cryptographic Provider ...................................................... 61
7.5.15
-cpf
Cryptographic session property (file) .......................................... 61
7.5.16
-cps
Cryptographic session property (string) ....................................... 62
7.5.17
-cr
Signature Reason ........................................................... 62
7.5.18
-csl
Certificate Store Location ................................................... 62
7.5.19
-csn
Certificate Store Name ..................................................... 62
7.5.20
-nc
Disable cache for CRL and OCSP ............................................... 63
7.5.21
-tsc
Time Stamp Credentials .................................................... 63
7.5.22
-tsu
Time Stamp URL .......................................................... 63
7.5.23
-wpc
Web Proxy Server Credentials ................................................ 63
7.5.24
-wpu
Web Proxy Server URL ...................................................... 64
7.6
OCR .............................................................................. 64
7.6.1
-ocb
Convert Images to Bitonal before OCR Recognition .............................. 64
7.6.2
-oci
Do not deskew image ...................................................... 64
7.6.3
-ocs
Do Not Re-embed De-skewed Image .......................................... 64
7.6.4
-ocbc
Embed barcodes ......................................................... 65
7.6.5
-ocr
Load OCR Engine .......................................................... 65
7.6.6
-ocm
OCR mode ............................................................... 65
7.6.7
-ocd
Resolution for OCR Recognition .............................................. 66
7.6.8
-oca
Rotate the image to the detected angle ....................................... 66
7.6.9
-ocl
Set OCR Language ......................................................... 66
7.6.10
-ocp
Set OCR Parameters ........................................................ 66
7.6.11
-oct
Threshold Resolution for OCR ................................................ 66
8
Log File ........................................................................... 67
8.1
Warnings and Information ............................................................ 67
8.2
Errors ............................................................................. 67
8.3
Reports ............................................................................ 68
8.4
Conversion Errors ................................................................... 68
8.5
Post Analysis ....................................................................... 68
9
Licensing and Copyright ............................................................ 69
10
Contact ........................................................................... 69
37
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 5/69
1Introduction
1.1 Description
The 3-Heights™ PDF to PDF/A Converter Service converts PDF files into PDF/A files. PDF/A has been acknowledged
world-wide as the ISO standard for long-term archiving since 2005. The tool analyzes and converts the input file,
applying a digital signature where required.
The integrated validator then optionally checks conformity once again. This product is robust and powerful and
therefore predestined for archive migrations of any size.
PDF to PDF/A Converter
PDF/A
PDF
Log
PDF
PDF
Parameters
A
Fonts
ICC Profiles
Certificates
Convert (+ OCR)
Post-Validate
Linearize
Pre-Validate
Digital-
Signature
Report
1.2 Functions
The 3-Heights™ PDF to PDF/A Converter Service accepts files from many different applications and automatically
converts them into PDF/A. The level of conformity can be set to Level A or Level B. ICC color profiles for device-
dependent color profiles and font types are embedded in the document. There is an option to provide the entire
character set for fonts (no subsetting) to facilitate editing at a later stage. Missing fonts are reproduced as close
to the original as possible via font recognition. Metadata can be generated automatically or added from external
sources. The tool also detects and automatically repairs problems typical of the PDF format. A digital signature can
be applied and a conformity check carried out at the end of the process. The optional OCR Add-On and linearization
for fast web display are valuable additional functions.
1.2.1 Features
39
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 6/69
Conversion (PDF/A-1, PDF/A-2, PDF/A-3)
Selectable level of conformity
Embedding ICC color profiles for device-dependent color spaces
Replace and subset fonts
Validation
File analysis and repair
Conversion reporting
Digital signatures, PDF/A-compliant
Configure the virtual appearance of the signature (page, size, color, position, text, background image, etc.)
Write the application log to a log file and log to the event log of the operating system
Enforce conversion even if the file is unconvertible
Metadata management
Read encrypted input files
Encryption with access authorizations (not for PDF/A)
Linearization (fast web display)
JBIG2 compression
JPEG2000 compression
Conversion of embedded and attached files (PDF/A-2 and later)
Colorants management (PDF/A-2 and later)
OCR (optional)
List OCR plug-Ins
Set the OCR language
1.2.2 Formats
Input Formats
PDF 1.x (PDF 1.4, PDF 1.5, etc)
Target Formats
PDF/A-1a, PDF/A-1b
PDF/A-2a, PDF/A-2b, PDF/A-2u
PDF/A-3a, PDF/A-3b, PDF/A-3u
1.2.3 Compliance
Standards: ISO 19005-1 (PDF/A-1), ISO 19005-2 (PDF/A-2), ISO 19005-3 (PDF/A-3), ISO 32000 (PDF 1.7), PAdES
Part 2
Quality assurance: Isartor test suite
1.3 Service
The 3-Heights™ PDF to PDF/A Converter Service is a ready-to-use product that allows to install a Windows NT service
process to automatically convert various types of images from watched folders into PDF files. The 3-Heights™ PDF
to PDF/A Converter Service combines three programs in one executable.
35
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 7/69
1. A converting service, that can be run on Windows platforms. The service can be started, paused, stopped via
the Windows service control panel and reports to the application log of the Windows event log panel.
2. A command line interface to control the Image to PDF Converter Service. By means of this interface the service
can be installed, started, stopped and deleted.
3. A converter query program which can be used to retrieve information about available conversion options such
as file type, compression, dithering, color depths, etc.
1.4 Operating Systems
The 3-Heights™ PDF to PDF/A Converter Service is available for the following operating systems:
Windows Vista, 7, 8, 8.1, 10 - 32 and 64 bit
Windows Server 2008, 2008 R2, 2012, 2012 R2 - 32 and 64 bit
1.5 Digital Signatures
1.5.1 Overview
Digital signature is a large and slightly complex topic. This manual gives an introduction to digital signatures and
describes how the 3-Heights™ PDF to PDF/A Converter Service is used to apply them. It does however not describe
all the technical details.
1.5.2 Terminology
Digital Signatureis a cryptographic technique of calculating a number (a digital signature) for a message. Creating
a digital signature requires a private key from a certificate. Validating a digital signature and its authorship requires
a public key. Digital Signature is a technical term.
Electronic Signature e is a set of electronic data that is merged or linked to other electronic data in order to au
thenticate it. Electronic Signatures can be created by means of a digital signature or other techniques. Electronic
Signature is a legal term.
Abbreviations
CA
Certification Authority
CMS
Cryptographic Message Syntax
CRL
Certificate Revocation List
CSP
Cryptographic Service Provider
HSM
Hardware Security Module
46
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 8/69
Abbreviations
OCSP
Online Certificate Status Protocol
PKCS
Public Key Cryptography Standards
QES
Qualified Electronic Signature
TSA
Time-stamp Authority
TSP
Time-stamp Protocol
1.5.3 Why Digitally Signing?
The idea of applying a digital signature in PDF is very similar to a handwritten signature: A person reads a document
and signs it with its name. In addition to the name, the signature can contain further optional information, such as
the date and location. A valid electronic signature is a section of data that can be used to:
Ensure the integrity of the document
Authenticate the signer of the document
Prove existence of file prior to date (Time-stamp)
Digitally signing a document requires a certificate and its private key. How to access and use a certificate is described
in the chapterCryptographic Provider
.
In a PDF document, a digital signature consists of two parts:
A PDF related part This part consists of the PDF objects required to embed the signature into the PDF document.
This part depends on the signature type (Document Signature, MDP Signature, see table below). Information
such as name of the signer, reason, date, location is stored here. The signature may optionally have a visual
appearance on a page of the PDF document, which can contain text, graphics and images.
This part of the signature is entirely created by the 3-Heights™ PDF to PDF/A Converter Service.
A cryptographic part A digital signature is based on a cryptographic checksum (hash value) calculated from the
content of the document that is being signed. If the document is modified at a later time, the computed hash
value is no longer correct and the signature becomes invalid, i.e. the validation will fail and will report that the
document has been modified since the signature was applied. Only the owner of the certificate and its private
key is able to sign the document. However, anybody can verify the signature with the public key contained in
the certificate.
This part of the signature requires a cryptographic provider for some cryptographic data and algorithms.
The 3-Heights™ PDF to PDF/A Converter Service supports the following types of digital signatures:
Document Signature Check the integrity of the signed part of the document and authenticate the signer’s iden
tity. One or more signatures can be applied. A signed document can be modified and saved by incremental
update. The state of the document can be re-created as it existed at the time of signing.
MDP (Modification detection and prevention) Signature Enable detection of disallowed changes specified by
the author. A document can contain only one MDP signature; it must be the first in the document. Other docu
ment signatures may be present.
Document Time-stamp Signature Establish the exact content of the file at the time indicated by the Time-stamp.
One or more document Time-stamp signatures can be applied. A signed document can be modified and saved
by incremental update.
39
© PDF Tools AG – Premium PDF Technology
3-Heights™ PDF to PDF/A Converter Service, March 24, 2016 | 9/69
1.5.4 What is an Electronic Signature?
There are different types of electronic signatures, which normally are defined by national laws, and therefore are
different for different countries. The type of electronic signatures required in a certain process is usually defined by
national laws. Quite advanced in this manner are German-speaking countries where such laws and an established
terminology exist. The English terminology is basically a translation from German.
Three types of electronic signatures are distinguished:
Simple Electronic Signature“Einfache Elektronische Signatur”
Advanced Electronic Signature“Fortgeschrittene Elektronische Signatur”
Qualified Electronic Signature (QES)“Qualifizierte Elektronische Signatur”
All applied digital signatures are PDF/A and PAdES compliant.
Simple Electronic Signature
A simple electronic signature requires any certificate that can be used for digital signing. The easiest way to retrieve
a certificate, which meets that requirement, is to create a so called self-signed certificate. Self-signed means it is
signed by its owner, therefore the issuer of the certificate and the approver of the legitimacy of a document signed
by this certificate is the same person.
Example:
Anyone could create a self-signed certificate issued by“Peter Pan”and issued to“Peter Pan”. Using this certificate
one is able to sign in the name of“Peter Pan”.
If a PDF document is signed with a simple electronic signature and the document is changed after the signature
had been applied, the signature becomes invalid. However, the person who applied the changes, could at the same
time (maliciously) also remove the existing simple electronic signature and - after the changes - apply a new, equally
looking Simple Electronic Signature and falsify its date. As we can see, a simple electronic signature is neither strong
enough to ensure the integrity of the document nor to authenticate the signer.
This drawback can overcome using an advanced or Qualified Electronic Signature.
Advanced Electronic Signature
Requirements for advanced certificates and signatures vary depending on the country where they are issued and
used.
An advanced electronic signature is based on an advanced certificate that is issued by a recognized certificate au
thority (CA) in this country, such VeriSign, SwissSign, QuoVadis. In order to receive an advanced certificate, its owner
must prove its identity, e.g. by physically visiting the CA and presenting its passport. The owner can be an individual
or legal person or entity.
An advanced certificate contains the name of the owner, the name of the CA, its period of validity and other infor
mation.
The private key of the certificate is protected by a PIN, which is only known to its owner.
This brings the following advantages over a simple electronic signature:
The signature authenticates the signer.
The signature ensures the integrity of the signed content.
Documents you may be interested
Documents you may be interested
