Digital signatures · PHP
Digitally sign a PDF in PHP
Add a cryptographic PKCS#7 or PAdES signature to a PDF from PHP. rust-pdf signs through a non-destructive incremental update, so the original bytes are preserved and the signature stays verifiable in Adobe Reader, pdfsig and any PAdES validator.
Why PHP needs this
PHP's classic libraries (TCPDF, FPDF) predate modern PDF and have no real PDF/A, no PAdES signatures and no AES-256, while the commercial alternatives are costly.
A real digital signature gives a document legal weight: it proves who signed it and that nothing changed afterwards. rust-pdf builds the detached CMS by hand to control the ByteRange, supports PAdES B-B, B-LT and B-LTA for long-term validation, and lets you supply your own key and certificate as DER.
- PKCS#7 detached and PAdES B-B, with B-LT and B-LTA for long-term validation.
- Incremental update: the original file is preserved byte for byte, so earlier signatures stay valid.
- Bring your own key and X.509 certificate (PKCS#8 DER), or chain to a TSA for timestamps.
Sign a PDF in PHP with rust-pdf
Install the package, then call the same idiomatic API every rust-pdf binding shares. The snippet below is real PHP code from the reference docs.
use RustPdf\Pdf;
$pdf = file_get_contents('contract.pdf');
$keyDer = file_get_contents('signing-key.pkcs8.der'); // PKCS#8 private key (DER)
$certDer = file_get_contents('signing-cert.der'); // X.509 certificate (DER)
$signed = Pdf::sign($pdf, $keyDer, $certDer,
reason: 'Approved', location: 'New York',
name: 'Jane Doe', pades: true);
file_put_contents('contract.signed.pdf', $signed);
// Verify in a shell: pdfsig contract.signed.pdf → "Signature is Valid."PHP basic generation is free. Signing is a corporate feature, unlocked by one offline license token. See pricing & licensing.
Full PHP reference in the documentation.
Signing in PHP: FAQ
Is the signature legally valid?
rust-pdf produces standards-compliant PKCS#7 and PAdES signatures. Legal validity depends on the certificate you sign with (for example an eIDAS qualified certificate or an ICP-Brasil certificate). The library handles the cryptography and the PDF structure correctly, which is what validators such as pdfsig and Adobe Reader check.
Does it support long-term validation (LTV)?
Yes. After signing you can append a Document Security Store with certificates and CRLs (PAdES B-LT) and an RFC 3161 document timestamp (PAdES B-LTA), all offline. A trusted external TSA and live OCSP fetching are the only parts that need network infrastructure.
Do I need a license to sign in PHP?
Signing is a corporate feature, so it requires an active license token. Basic PDF generation in PHP is free. The same offline Ed25519 token unlocks signing across every language.
Digitally Sign a PDF in PHP (PAdES)
One Rust core, the same output across every language. Prototype for free, license the corporate features when you ship.