Forwarding the Digitalization

17 May 2020

Have you also noticed how “digitalization” is still a foreign concept for many out there? Especially for those who deal with “official” stuff.
Of course you just can not send them an email with the PDF filled in digitally!
Heck, some people still even want to get a FAX!

A few days back someone on HackerNews posted a link to a service he built, where you can upload a PDF and you will get it back looking like if it was scanned in – a bit blurry, not well aligned, etc. ⊕There is also FalsiScan, which carries it to extremes giving you the possibility to insert your signature in the step as well. [HN comments]

But basically it’s just these two shell commandsEasily doable with WSL as well. who do all the work:

convert -density 150 input.pdf -colorspace gray -linear-stretch 3.5%x10% -blur 0x0.5 -attenuate 0.25 +noise Gaussian -rotate 0.5 temp.pdf

gs -dSAFER -dBATCH -dNOPAUSE -dNOCACHE -sDEVICE=pdfwrite -sColorConversionStrategy=LeaveColorUnchanged -dAutoFilterColorImages=true -dAutoFilterGrayImages=true -dDownsampleMonoImages=true -dDownsampleGrayImages=true -dDownsampleColorImages=true -sOutputFile=output.pdf temp.pdf

But it turned out not to be that easy: ImageMagick has now a security policy in place which will prohibit processing PDFs and PostScript files. Trying to invoke ImageMagick with convert will fail with the fairly ambigous not authorized 'file.pdf' @ <somewhere>
What a nice and helpful error message! It ticks all points:

✅ Doesn’t tell you what’s wrong. (What do you mean, ‘not authorized’?)
✅ Doesn’t tell you how to resolve it.
✅ Gives you superfluous information you can’t use. You don’t care at all where the precise location of this error in the code is.

Poking around a bit gives the answer of an aggressive security safeguard in place. Since we only edit our very own PDF files we don’t care about malicous content – we want to get work done! To read more about this topic in detail I can recommend this article, which also supplies the solution:
Just edit this file /etc/ImageMagick-6/policy.xml to make sure the rights are not set to ‘none’.

<policy domain="coder" rights="read|write" pattern="PDF,PS" />

Having done that you’re good to go to and enjoy your circumvention of this bureaucratic system.

I already used it now in various correspondence – among others with a bank, who rejected a digitally signed PDF. Welp, then they got my faux-printed doc. You fools!

Comments