How-to guides/Digital Signatures

Add a digital signature to a PDF in Rust

Sign a PDF with a PKCS#12 certificate. PDFluent writes a conforming ISO 32000 signature that Adobe Acrobat, Preview, and other viewers can verify.

rust
use pdfluent::{PdfDocument, PdfSigner, SignatureOptions};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut doc = PdfDocument::open("contract.pdf")?;

    let cert = std::fs::read("signing_cert.p12")?;
    let signer = PdfSigner::from_pkcs12(&cert, "p12_password")?;

    signer.sign(
        &mut doc,
        SignatureOptions::default()
            .reason("Approved by legal team")
            .location("Amsterdam, NL"),
    )?;

    doc.save("contract_signed.pdf")?;
    println!("Document signed successfully");
    Ok(())
}
Install:cargo add pdfluentDownload SDK →

Step by step

1

Add PDFluent to your project

Add the pdfluent crate to Cargo.toml.

rust
[dependencies]
pdfluent = "0.9"
2

Load your PKCS#12 certificate

Read the .p12 or .pfx certificate file and create a PdfSigner. The certificate must include the private key.

rust
use pdfluent::PdfSigner;

let cert_bytes = std::fs::read("my_cert.p12")?;
let signer = PdfSigner::from_pkcs12(&cert_bytes, "your_p12_password")?;
3

Configure signature metadata

Set the reason, location, and contact info. These appear in the signature panel in PDF viewers.

rust
use pdfluent::SignatureOptions;

let opts = SignatureOptions::default()
    .reason("I approve the content of this document")
    .location("Amsterdam, NL")
    .contact_info("[email protected]")
    .signature_field_name("Signature1");
4

Position the visible signature appearance

Add a visible signature box on a specific page and position. Skip this step for invisible signatures.

rust
use pdfluent::{Rect, SignatureAppearance};

let appearance = SignatureAppearance::default()
    .page(0)
    .rect(Rect::new(350.0, 50.0, 550.0, 110.0))
    .text("Signed by: Jasper de Winter");

let opts = opts.appearance(appearance);
5

Sign the document and save

Call sign() then save(). The output file contains the cryptographic signature bytes embedded in the PDF structure.

rust
signer.sign(&mut doc, opts)?;
doc.save("contract_signed.pdf")?;

println!("Signed. Verify with: pdfluent verify contract_signed.pdf");

Notes and tips

  • PDF signing is incremental: the original bytes are not modified, the signature is appended. This preserves prior signatures.
  • For LTV (Long-Term Validation), call opts.embed_ocsp(true) to include the OCSP response in the signature.
  • Self-signed certificates will produce a warning in Acrobat. Use a certificate from a trusted CA for production use.
  • The signature field name must be unique in the document. Signing a field that already exists replaces the signature.

Why PDFluent for this

Pure Rust

No JVM, no runtime, no DLL dependencies. Ships as a single native binary or WASM module.

Memory safe

Rust's ownership model prevents buffer overflows and use-after-free. No segfaults in PDF parsing.

Runs anywhere

Same code runs server-side, in Docker, on AWS Lambda, on Cloudflare Workers, or in the browser via WASM.

Frequently asked questions

Download PDFluentDigital signatures in production