How to get an OpenType icon on a OpenType TTF Flavored font file?

haag's picture

Hi there!!

When I generate a Opentype TrueType flavored font on FLAB, it gets a TrueType icon file in Windows. (I'm not sure that also happens on MAC platform).
But I've seen these kind of font files with the .TTF extension presenting an Opentype font icon. I know DaltonMaag uses this.

How can this be done?

I'm selling fonts with this format (for better screen hinting), but the .TTF extension and font file icon missleads some users...thinking they've bought a simple TrueType font.

many regards from sunny Brazil ;)

Fabio

twardoch's picture

Add a digital signature (DSIG). You can do it in FontLab Studio but you need to own an "Authenticode" Class 3 code signing digital certificate. You can get one from Thawte or Verisign, they cost some $200-$400. It's also possible to create a self-signed test certificate for free -- for more information see

http://msdn2.microsoft.com/en-us/library/aa140234(office.10).aspx#odc_dcss_procedure

(you only need to complete steps 1-3). Once you have the private key file and the .spc certificate file that you produce in this process (or obtain from VeriSign/Thawte), you can link these files to the Digital signatures section of FontLab Studio's Preferences/Options dialog box.

A.

haag's picture

Uauuu....it does cost to do that!
I'll check that test certificate....

Thks a lot for the quick response ;)

Fabio

ralf h.'s picture

Is there - or will there be - a downside in not having the digital signature? (Beside confused customers …)

Ralf

twardoch's picture

Ralf,

the digital signatures singed with a proper (non-test) certificate are a safe way to ensure that the font you're dealing with is an original creation of a certain foundry. If a font was modified, the digital signature becomes invalid (or is not included at all). Some foundries, e.g. Linotype, use DSIG to check if a font that a customer is complaining about is an unmodified Linotype original or if it was "touched" by someone and therefore "the warranty is void". You could view DSIGs as some sort of "warranty seal".

A.

ralf h.'s picture

Ah, I see.
Thanks Adam!

Ralf

david h's picture

BTW, why this kind of 'chain reaction'? why not to have OT/TT icon like OTF? ... and the DSIG is kind of useless.

twardoch's picture

Microsoft's idea way to differentiate somehow between the old-style TrueType fonts and the new OpenType TT fonts. Since both carry a ".ttf" extension, Microsoft decided to check for the presence of the "DSIG" table. At the time when Windows 2000 was created, they thought digital signatures in fonts would become "the big thing".

BTW, I don't think DSIGs are useless. When you produce original typefaces, it's quite useful to stamp them in a way that cannot be forged -- no?

A.

david h's picture

> Microsoft’s idea way to differentiate somehow between the old-style TrueType fonts and the new OpenType TT fonts.

They're doing great job, but this idea is just bad one. Why to differentiate? -- just have two icons (old ttf, and 'new' ttf)

> When you produce original typefaces....

Maybe (this is useful) :) but the fact that you can change the digital signature.....

twardoch's picture

> just have two icons (old ttf, and
>‘new’ ttf)

Well, yes, but you need a criterion on which the operating system assigns these icons :)

A.

david h's picture

I see. Too much work? :) So, just one icon -- OTT

oldnick's picture

On the subject of digital signatures:

The certificate cost--even the less expensive one from Thawte--is somewhat of a burden for a small foundry; however, if enough small foundries were interested in forming a VERY loose coalition and obtaining ONE certificate for use by ALL members, the cost could be reduced substantially. Does this idea interest anyone?

david h's picture

> On the subject of digital signatures:

why not to do it with FL?

twardoch's picture

David,

what do you mean by "with FL"?

A.

david h's picture

Adam,

To do the digital signature with FL, and eliminate the third party. Or to have a plug or something, and you pay one time fee and that's it.

p.s.
where's Paul? survey, please :)

twardoch's picture

David,

I do understand each word of yours but not the contents of the entire sentence :) What do you mean by "FL"? FontLab Studio, the application? Fontlab Ltd., the company? What do you mean by "do the digital signature"? Embed the digital signature in the font? Purchase the digital certificate? Something else?

FontLab Studio 5 has the ability to embed digital signatures into fonts, if the font developer installs an appropriate certificate. But Fontlab Ltd. does not issue or share digital certificates, and Fontlab Ltd. is not a certification authority. You need to obtain a digital certificate from a certification authority such as VeriSign or Thawte.

Font developers are free to form a "coalition" of some sort to share the cost and effort (the certification authority would have to issue the certificate to that "coalition", which I presume would need to be a legal entity of some sort.

Also, any font developer can purchase a digital certificate in his own name, and then choose to offer a service of using his own certificate to digitally sign fonts for other developers as well, or even to share his digital certificate with some other trusted vendors so they can sign the fonts using that certificate as well.

A.

david h's picture

Adam,

> I do understand each word of yours but not the contents of the entire sentence :)

This is like the GMAT :)

I'm talking about FontLab Studio 5.

> What do you mean by “do the digital signature”?

I'll try to illustrate it the simple/easy way: something like "Generate Font..." -> "Generate Digital Signature".

twardoch's picture

Well, this is how it works. You link your .spc and .pvk files in FontLab Studio's preferences once, and from then on, all your OpenType PS and OpenType TT fonts that you generate are automatically digitally signed.

A.

Rhythmus.be's picture

$200–$400 is not that much, for a serious foundry, is it? Just think how many (few) licenses it would have to sell, to have the cerificate paid back?

Adam — Does the certificate only apply to Windows? Or is it cross-platform, in that it is recognised on Mac OS/X and/or Linux, as well? What's the legal status, in case one would want to prove in court that one's fonts had been pirated or forged?

twardoch's picture

The Authenticode code signing certificates are principally a Microsoft format. However, for the purpose of signing OpenType fonts, you use one and the same certificate to sign your fonts.

A.

david h's picture

who said $200–$400 is that much? or the issue?

oldnick's picture

who said $200–$400 is that much? or the issue?

...per YEAR, every year.

Rhythmus.be's picture

Ah— that's another thing, indeed!

I shouldn't have expected differently from a M$ proprietary 'standard'...

twardoch's picture

Ludwig,

from your remark, I gather that you're one of those fellows who are happy in their simplistic view of the world that goes like "Microsoft is bad, others are good".

Therefore, I guess it will be a huge shock for you to learn that this has very little to do with being an "MS proprietary standard". The Authenticode code signing certificates are X.509 IETF certificates issued for a particular purpose and packaged in a particular, Microsoft-specific way. However, there are opensource tools that can convert a code signing X.509 certificate into an Authenticode code signing certificate, and the format of the Microsoft packaging of digital certificate is widely published.

X.509 digital certificates are an IETF international standard, and are used widely on the WWW, for example in SSL (https) encryption. They all cost money, even those that you use on an opensource Apache server. This has to do with the fact that the certification authorities that issue the certificates are companies that have costs of operation and (since they are companies) their purpose is to make money.

This, per se, has nothing to do with Microsoft, but I guess where you live ranting against "M$" is just an easy way to escape the complex reality.

Tip for the future: do some background reading before publicly announcing your conclusions.

Regards,
Adam

david h's picture

I agree with Adam; no need to say/use "M$"

twardoch's picture

BTW, some current pricing for Microsoft Authenticode code signing certificates (alco called Authenticode digital IDs):

Thawte: ~US$200/year
https://www.thawte.com/ssl-digital-certificates/code-signing/

GlobalSign: ~US$215/year
http://www.globalsign.net/digital_certificate/objectsign/index.cfm

Comodo: ~US$240/year
https://secure.comodo.net/products/frontpage?area=codesigning

VeriSign: ~US$450/year
http://www.verisign.com/products-services/security-services/code-signing...

Regards,
Adam

Miguel Sousa's picture

> Well, yes, but you need a criterion on which the operating system assigns these icons :)

What about relying on the presence of a table other than the 'DSIG'?
Maybe 'GSUB'? This one is certainly more tied with OpenType than the 'DSIG', no?

Thomas Phinney's picture

At one time MS was going to move to a more complex system whereby they'd use the OT icon based on the presence of any of several other tables. Then they'd have a little ribbon adornment that would indicate whether the TT or OT font has a digital signature.

I have a hazy thought that maybe this didn't make it into Vista.

Cheers,

T

Si_Daniels's picture

>I have a hazy thought that maybe this didn’t make it into Vista.

True, sadly. Long story... maybe over a pint at TC07 if anyone is really interested.

Cheers, Si

david h's picture

BTW, the Arabic fonts (OpenType) by Linotype don't have the OT/TTF icon -- just the 'plain' .ttf

twardoch's picture

David,

that's somewhat surprising. I was under the impression that Linotype signs all their fonts.

A.

dezcom's picture

Why is Verisign's version more than twice as much as Thawte?
Are they not the same thing?

ChrisL

twardoch's picture

Chris,

Thawte is owned by VeriSign but VeriSign is a better-known brand. It's called product diversification.

A.

dezcom's picture

Expensive brand snobbery when after you buy it, there is no cache to it. If you by a BMW instead of a VW, at least the car snobs notice :-)

You have helped me make my choice. I think I will support the lesser brand and save the $250. :-)

ChrisL

ralf h.'s picture

I have seen icon sets with a TrueType+Ribbon icon. Are these now standard in Vista?
Will Vista still look for the DSIG table?
Do OpenType PS still get the OpenType-O-icon regardless of the digital signature?

I still run XP and couln't find the answers to those questions.

Ralf

allanm1's picture

You can get the OpenType icon without a digital signature, you just need the DSIG header with:

usNumSigs (Number of signatures in the table) = 0;

it works. The font wont be digitally signed of course, but the operating system only checks if the DSIG table is present to produce the icon.

Don't think you can do that with FontLab though.

Eluard's picture

*Never mind*

DotlessHyphen's picture

Hi Allan,

I understand that this function: "usNumSigs = 0;" should do the trick.
AFAIK, this function is not in python's syntax.

Could you please be more specific?

Regards,

DH

msmiths's picture

The digital signature is interesting, it would be nice if it could be applied to any digital file/product as well.

allanm1's picture

Hi DH,

Don't know how to do it with Python, but you can do it with Microsoft's free 'AddTable.exe' tool available here:
http://www.microsoft.com/typography/tools/tools.aspx

you also need a data file containing the bytes for the blank DSIG table (8 bytes):
00 00 00 01 (ulVersion = 1)
00 00 (usNumSigs = 0)
00 00 (usFlag = 0)
(Ive made one here you can download:
http://homepages.ihug.co.nz/~allanm1/DSIG.DAT)

Then type on the command line:
addtable DSIG dsig.dat in.ttf out.ttf
(make sure that the DSIG is uppercase)

in.ttf is your original font.
out.ttf is the output font which will now have the OpenType icon on Windows XP.

Allan

DotlessHyphen's picture

Thanks, I will give it a shot.
Will the icon work onMac OSX as well? I will check that too.

Regards,

DH

ralf h.'s picture

On MacOS X (10.4 Tiger) there are just generic font icons with the addition TTF/OTF/FFIL/DFONT/...
On 10.5 Leopard the icon is (by default) replaced by a live preview.

May I bump my question:
What about Vista and OpenType icons and the connection to the DSIG table?

Ralf

DotlessHyphen's picture

Funny enough, but an OT font, digitally signed like Arno Pro by Adobe, doesn't show the O icon on the Mac. On windows the icon is perfect but onthe Mac,FontBook seems to take over the fonts' icons...

The font info window, opposed to Windows properties, doesn't inform you the font is digitally signed.
The "Open with" option is set to Font Book (default).

Regards,

DH

Syndicate content Syndicate content