Posted Wednesday, 15-Nov-2024 by Ingo Karkat
By "signing" I mean putting a scanned image of a handwritten signature into a PDF document. This is the digitalization level we're currently struggling with in Germany. Actual digital signatures are so next-millennium!
 |
Every parent of a school-age child in Germany knows the various Elternbriefe that their offspring brings home from school; short notes from the teacher, usually with a RSVP strip to be detached, personalized by inserting the pupil's name, signed by a parent, and then the child returns this to the teacher. It often informs and ask for permission about an excursion, or a book to be collectively ordered (and paid individually, via cash collected through the children). Every semester, there's at least a handful of those.
This system had already been in place when I went to school three decades ago, with just minor variations due to typewriters and Matrizendrucker getting replaced first with photo copiers and then later with word processors and printers. But since the pandemic introduced electronic messaging into the school system, (a minority of) teachers have replaced the printouts with a PDF sent to the pupils, who then forward the document to their parents, who usually still print them (a great example of outsourcing to the customer, saving school resources), but (older) pupils with a mobile phone may also photograph the signed document and send back the photo through the same messaging they received it with.
I guess the promise of increased efficiency and less waste of resources (though some teachers have always been adept at creating and cramming two or even four notes onto a single sheet of pager) makes this a worthwhile endeavor, although I fear that currently the inconsistent application (and diminishing attention spans of the "TikTok generation") makes this even more chaotic for the teacher to handle so far. It also doesn't help that the pragmatically introduced systems (mostly Microsoft Teams) have now been migrated to dedicated management systems. Both my wife and I recently got separate parents' accounts for the school's IServ platform.
The supplier of my daughter's school explicitly highlights communication with parents as a selling point:
Send letters to parents, organize your parent-teacher meetings and retrieve sick notes – in compliance with data protection regulations, uncomplicated and without any pieces of paper that get lost in the school bag.
But yesterday we got an (electronic) letter from the headmaster clarifying the situation:
We have now also received an answer from the lawyers regarding digital parental signatures:
Basically, we always need the signature of both parents for excursions that go beyond class time and where students are exposed to further risks (e.g. events on the water, traveling alone in unfamiliar cities, etc.). This must be in paper form and in the original. The second IServ access for parents is therefore not necessary because everything that both parents have to sign must be submitted in paper form.
Excuses, letters to parents about excursions during class time without additional risks and all letters to parents that primarily serve as information will continue to be sent via IServ. If feedback is required in these letters, feedback from one parent is sufficient.
Information relevant to data protection law may not be exchanged digitally. Therefore: Please understand that the teacher is not allowed to answer your questions digitally and therefore does not do so. In such cases, a personal conversation (by phone or in person) is always necessary.
So even though the chosen, domain-specific platform from a German supplier that is funded by the federal ministry for economy conforms to DSGVO, it can only be used for "harmless" and impersonal things. That's the level of risk-aversion and bureaucracy in Germany today. WTF
As an IT expert, I'm keen on supporting all-digital workflows and so I jumped at the chance to sign these letters digitally whenever possible (though my daughter is quick at submitting a print job and then just telling us that there's something waiting in the printer to sign). And naturally I've tackled this challenge through open tools and a bit of scripting. Actually, signing a third-party PDF is just a sub-process of creating letters (to health insurance, or job applications), so I'm presenting my complete custom workflow here.
I write my letters in Vim. There, I have defined a custom filetype letter, which has snipMate snippets (for German and English; a message reminds me of the snippet's names when I open an empty letter). These correctly position the address fields, subject line, and body (which is important if you use it for snail mail with a window envelope). A bit of custom syntax highlighting provides optical feedback that everything is still in the right place. The current date is inserted automatically. I then proceed to fill out the fields, type my message, save, and then export the document.
Vim only provides PostScript rendering by default; my AdvancedHardcopy.vim plugin provides a :PDF command for direct export to that de facto standard format. I have extended that command into :PDFWithLetterhead which invokes a custom pdf-letterhead command that uses the qpdf tool to apply a PDF file as an underlaid letterhead to the passed PDF file. And that PDF letterhead is a LibreOffice document template that I had created eons ago in Winword 6 on my 386 PC while I was still in school ;-) Watch it in action:
When mailing a paper copy the old-fashioned way, I would print the resulting PDF, manually sign it with a pen, fold it, put it in an envelope, stick a stamp on it, and then walk to an (increasingly rare) mail box on the street corner to post it.
 |
 |
 |
The ImageMagick toolset allows complex manipulations of images (and PDF files) through a powerful command-line interface. I collect helpful utilities built with it in my convert-extensions project. The pdf-add-signature tool scales, positions, and then overlays my scanned signature on top of a PDF page:
$ pdf-add-signature ~/Ablage/print/dummy.pdf Info: Placing signature at 423x78+125+330 /home/inkarkat/Ablage/print/dummy.signed.pdf
The --at|-% VERTICAL-PERCENTAGE parameter controls the position, alignment can be changed with --center|-c|--right|-r, and a --geometry [WxH](+-)X(+-)Y parameter allows full control. The tool prints the used position so that it's easy to start with the coarse parameters and then switch to fine-tuning via --geometry. By default, the modified PDF is placed next to the original file with a .signed. extension added. This makes it easy to repeat the process and eventually consume the result.
Returning to the notes from school teachers, I would use that single command to insert my signature, and then send back the resulting document.
 |
Because it's such a pleasure to work with ImageMagick, I had a little bit of fun and also implemented a fakescan tool that adds a bit of noise and blurring so that the resulting document looks as if it were printed out and rescanned. With this, I can obscure my superior all-digital workflow from the neophytes ;-)
In fact, nobody's scanning a document any longer. Today, everybody's pulling out their smartphone and snap a (often poorly lit and cropped) photo of the sheet of paper on the kitchen table. Hey, that's something that can be emulated, too! It took about one hour (most of that time adding and tweaking the filters) to implement fakephoto.
Finally, pdf-add-signature-and-fake combines the two tools to add a signature and then apply the photo filter.
$ pdf-add-signature-and-fake photo ~/Ablage/print/dummy.pdf pdf-add-signature: Info: Placing signature at 423x78+125+330 /tmp/tempdirPipe-2ajxp6/dummy.signed.pdf fakephoto: /home/inkarkat/Ablage/print/dummy.photo.signed.pdf
This script uses another custom tool, tempdirPipe to connect the two tools into a processing pipeline that stores the intermediary files in a temporary directory. This makes it super easy to add additional pipeline steps.
exec tempdirPipe --with-header "${tempdirPipeOutputArg[@]}" \
--exec pdf-add-signature "${addSignatureArgs[@]}" --direct --to '{O}' -- '{ii}' \; \
--exec "fake${what}" --to '{O}' -- '{ii}' \; \
-- "$@"
The lack of GUI-based tools makes it very easy to combine and integrate this with other workflows. The price I have to pay for this flexibility is a bit of a learning curve if I haven't executed the process for some time. My shell history may help, but if all else fails I may have to consult my manual and/or open the usage help of the tool to recall how it's invoked.
Ingo Karkat, 15-Nov-2024
ingo's blog is licensed under Attribution-ShareAlike 4.0 International
