Sign a PDF with a PKCS#12 certificate. PDFluent writes a conforming ISO 32000 signature that Adobe Acrobat, Preview, and other viewers can verify.
use pdfluent::{PdfDocument, Pkcs12Signer, SignOptions};
fn main() -> pdfluent::Result<()> {
let mut doc = PdfDocument::open("contract.pdf")?;
let signer = Pkcs12Signer::from_pfx_file("cert.p12", "pfx-password")?;
doc.sign(&signer, SignOptions::new().reason("Approved"))?;
doc.save("signed.pdf")?;
Ok(())
}Add the pdfluent crate to Cargo.toml.
[dependencies]
pdfluent = "1.0.0-beta.8"Read the .p12 or .pfx certificate file and create a PdfSigner. The certificate must include the private key.
use pdfluent::Pkcs12Signer;
let signer = Pkcs12Signer::from_pfx_file("my_cert.p12", "your_p12_password")?;Set the reason, location, and contact info. These appear in the signature panel in PDF viewers.
use pdfluent::SignOptions;
let opts = SignOptions::new()
.reason("I approve the content of this document")
.location("Amsterdam, NL")
.contact_info("[email protected]")
.field_name("Signature1");Add a visible signature box on a specific page and position. Skip this step for invisible signatures.
use pdfluent::SignOptions;
// Place a visible signature rectangle on page 0: [x1, y1, x2, y2] in points
let opts = SignOptions::new()
.reason("Approved")
.visible_rect(0, [350.0, 50.0, 550.0, 110.0]);Call sign() then save(). The output file contains the cryptographic signature bytes embedded in the PDF structure.
doc.sign(&signer, opts)?;
doc.save("contract_signed.pdf")?;
println!("Signed.");No JVM, no runtime, no DLL dependencies. Ships as a single native binary or WASM module.
Rust's ownership model prevents buffer overflows and use-after-free. No segfaults in PDF parsing.
Same code runs server-side, in Docker, on AWS Lambda, on Cloudflare Workers, or in the browser via WASM.