rust·pdf Get a license

Digital signatures · Node.js and TypeScript

Digitally sign a PDF in Node.js

Add a cryptographic PKCS#7 or PAdES signature to a PDF from Node.js. rust-pdf signs through a non-destructive incremental update, so the original bytes are preserved and the signature stays verifiable in Adobe Reader, pdfsig and any PAdES validator.

See the Node.js code PAdES signatures, explained

Why Node.js and TypeScript needs this

Node typically reaches for heavy wrappers or headless Chrome for anything past basic output, which is slow, fragile and never archival-grade.

A real digital signature gives a document legal weight: it proves who signed it and that nothing changed afterwards. rust-pdf builds the detached CMS by hand to control the ByteRange, supports PAdES B-B, B-LT and B-LTA for long-term validation, and lets you supply your own key and certificate as DER.

  • PKCS#7 detached and PAdES B-B, with B-LT and B-LTA for long-term validation.
  • Incremental update: the original file is preserved byte for byte, so earlier signatures stay valid.
  • Bring your own key and X.509 certificate (PKCS#8 DER), or chain to a TSA for timestamps.

Sign a PDF in Node.js with rust-pdf

Install the package, then call the same idiomatic API every rust-pdf binding shares. The snippet below is real Node.js code from the reference docs.

Node.js
const fs = require("fs");
const rustpdf = require("rustpdf");

const pdf     = fs.readFileSync("contract.pdf");
const keyDer  = fs.readFileSync("signing-key.pkcs8.der");   // PKCS#8 private key (DER)
const certDer = fs.readFileSync("signing-cert.der");        // X.509 certificate (DER)

const signed = rustpdf.sign(pdf, keyDer, certDer, {
  reason: "Approved", location: "New York",
  name: "Jane Doe", pades: true,
});
fs.writeFileSync("contract.signed.pdf", signed);
// Verify in a shell: pdfsig contract.signed.pdf  →  "Signature is Valid."
Validated by: pdfsigopensslqpdf

Node.js basic generation is free. Signing is a corporate feature, unlocked by one offline license token. See pricing & licensing.

Full Node.js reference in the documentation.

Signing in Node.js: FAQ

Is the signature legally valid?

rust-pdf produces standards-compliant PKCS#7 and PAdES signatures. Legal validity depends on the certificate you sign with (for example an eIDAS qualified certificate or an ICP-Brasil certificate). The library handles the cryptography and the PDF structure correctly, which is what validators such as pdfsig and Adobe Reader check.

Does it support long-term validation (LTV)?

Yes. After signing you can append a Document Security Store with certificates and CRLs (PAdES B-LT) and an RFC 3161 document timestamp (PAdES B-LTA), all offline. A trusted external TSA and live OCSP fetching are the only parts that need network infrastructure.

Do I need a license to sign in Node.js?

Signing is a corporate feature, so it requires an active license token. Basic PDF generation in Node.js is free. The same offline Ed25519 token unlocks signing across every language.

Digitally Sign a PDF in Node.js (PAdES)

One Rust core, the same output across every language. Prototype for free, license the corporate features when you ship.

Read the Node.js docs View pricing & licensing
PAdES signatures rust-pdf for Node.js Signing in Go Signing in PHP Signing in Ruby Signing in Python Signing in C# PDF/A in Node.js Encryption in Node.js Merging in Node.js Text extraction in Node.js Compression in Node.js Node.js docs