Enterprise digital signatures with PAdES-LTV and S/MIME support. 0 failures on 20,000 PDFs. HSM integration available.
use pdfluent::{PdfDocument, Pkcs12Signer, SignOptions, PadesProfile};
fn main() -> pdfluent::Result<()> {
let mut doc = PdfDocument::open("contract.pdf")?;
let signer = Pkcs12Signer::from_pfx_file("signing.p12", "cert-password")?;
let opts = SignOptions::new()
.reason("Approved")
.location("Amsterdam, NL")
.profile(PadesProfile::LongTerm);
doc.sign(&signer, opts)?;
doc.save("contract-signed.pdf")?;
let report = doc.verify_signatures()?;
println!("All signatures valid: {}", report.all_valid());
Ok(())
}Run cargo add [email protected] to get started.
Long-Term Validation signatures that remain valid beyond certificate expiration. Full PAdES-BES, -T, -C, -LTV, and -LT support.
Digitally signed and validated 20,000 production PDFs across multiple PKIs. Zero validation failures on well-formed signatures.
Sign and verify S/MIME email attachments. CMS/PKCS#7 envelope and enveloped signature support for document workflows.
Sign with keys stored in AWS CloudHSM, Azure Key Vault, or any PKCS#11 device. No key material in memory during signing.
Add RFC 3161 trusted timestamps to signatures. LTV validation uses embedded timestamps when CRL/OCSP is unavailable.
Apply multiple signatures to a single document. Validate entire signature chains with parallel timestamp and CRL checks.