Solutions

Digital signatures. That actually verify.

Enterprise digital signatures with PAdES-LTV and S/MIME support. 0 failures on 20,000 PDFs. HSM integration available.

Code example

rust
use pdfluent::{PdfDocument, Pkcs12Signer, SignOptions, PadesProfile};

fn main() -> pdfluent::Result<()> {
    let mut doc = PdfDocument::open("contract.pdf")?;

    let signer = Pkcs12Signer::from_pfx_file("signing.p12", "cert-password")?;
    let opts = SignOptions::new()
        .reason("Approved")
        .location("Amsterdam, NL")
        .profile(PadesProfile::LongTerm);

    doc.sign(&signer, opts)?;
    doc.save("contract-signed.pdf")?;

    let report = doc.verify_signatures()?;
    println!("All signatures valid: {}", report.all_valid());
    Ok(())
}

Run cargo add [email protected] to get started.

What it does

PAdES-LTV compliant

Long-Term Validation signatures that remain valid beyond certificate expiration. Full PAdES-BES, -T, -C, -LTV, and -LT support.

0 failures on 20,000 PDFs

Digitally signed and validated 20,000 production PDFs across multiple PKIs. Zero validation failures on well-formed signatures.

S/MIME support

Sign and verify S/MIME email attachments. CMS/PKCS#7 envelope and enveloped signature support for document workflows.

HSM integration

Sign with keys stored in AWS CloudHSM, Azure Key Vault, or any PKCS#11 device. No key material in memory during signing.

Timestamp authority support

Add RFC 3161 trusted timestamps to signatures. LTV validation uses embedded timestamps when CRL/OCSP is unavailable.

Multi-signature workflows

Apply multiple signatures to a single document. Validate entire signature chains with parallel timestamp and CRL checks.

Deployment options

Server-side (Rust binary)Docker containerAWS LambdaOn-premise

Frequently asked questions