Check that a PDF signature is cryptographically valid and that the document has not been modified since it was signed.
use pdfluent::PdfDocument;
fn main() -> pdfluent::Result<()> {
let doc = PdfDocument::open("signed.pdf")?;
let report = doc.verify_signatures()?;
println!("signed: {}, all valid: {}", report.is_signed(), report.all_valid());
Ok(())
}Add the pdfluent crate to Cargo.toml.
[dependencies]
pdfluent = "1.0.0-beta.8"Load the document. A read-only borrow is sufficient for verification.
use pdfluent::PdfDocument;
let doc = PdfDocument::open("signed_invoice.pdf")?;Call doc.signatures() to get all signature fields. Each item includes the field name, signing time, and the raw certificate chain.
let signatures = doc.signatures()?;
println!("Found {} signature(s)", signatures.len());
for sig in &signatures {
println!("Field: {}", sig.field_name);
println!("Signer: {}", sig.signer_name);
println!("Timestamp: {:?}", sig.timestamp);
}SignatureVerifier checks that the signed byte range matches the current file contents. If any byte outside the signature field has changed, integrity_valid is false.
let report = doc.verify_signatures()?;
if report.all_valid() {
println!("OK - all signatures valid, document not modified");
} else {
println!("FAIL - a signature is invalid or the document was modified");
}Check that the signing certificate chains to a trusted root. Supply your own trust store or use the system store.
let report = doc.verify_signatures()?;
println!("Signed: {}", report.is_signed());
for v in report.validations() {
println!("Field {}: {:?}", v.info.field_name, v.status);
}No JVM, no runtime, no DLL dependencies. Ships as a single native binary or WASM module.
Rust's ownership model prevents buffer overflows and use-after-free. No segfaults in PDF parsing.
Same code runs server-side, in Docker, on AWS Lambda, on Cloudflare Workers, or in the browser via WASM.