rust·pdf Get a license

Digital signatures · Python

Digitally sign a PDF in Python

Add a cryptographic PKCS#7 or PAdES signature to a PDF from Python. rust-pdf signs through a non-destructive incremental update, so the original bytes are preserved and the signature stays verifiable in Adobe Reader, pdfsig and any PAdES validator.

See the Python code PAdES signatures, explained

Why Python needs this

ReportLab handles layout (its strongest parts are paid) while pikepdf and pypdf cover slices, so archival PDF/A and signatures stay a recurring pain in Python.

A real digital signature gives a document legal weight: it proves who signed it and that nothing changed afterwards. rust-pdf builds the detached CMS by hand to control the ByteRange, supports PAdES B-B, B-LT and B-LTA for long-term validation, and lets you supply your own key and certificate as DER.

  • PKCS#7 detached and PAdES B-B, with B-LT and B-LTA for long-term validation.
  • Incremental update: the original file is preserved byte for byte, so earlier signatures stay valid.
  • Bring your own key and X.509 certificate (PKCS#8 DER), or chain to a TSA for timestamps.

Sign a PDF in Python with rust-pdf

Install the package, then call the same idiomatic API every rust-pdf binding shares. The snippet below is real Python code from the reference docs.

Python
import rustpdf

pdf_bytes = open("contract.pdf", "rb").read()
key_der   = open("signing-key.pkcs8.der", "rb").read()   # PKCS#8 private key (DER)
cert_der  = open("signing-cert.der", "rb").read()        # X.509 certificate (DER)

signed = rustpdf.sign(pdf_bytes, key_der, cert_der,
                      reason="Approved", location="New York",
                      name="Jane Doe", pades=True)
open("contract.signed.pdf", "wb").write(signed)
# Verify in a shell: pdfsig contract.signed.pdf  →  "Signature is Valid."
Validated by: pdfsigopensslqpdf

Python basic generation is free. Signing is a corporate feature, unlocked by one offline license token. See pricing & licensing.

Full Python reference in the documentation.

Signing in Python: FAQ

Is the signature legally valid?

rust-pdf produces standards-compliant PKCS#7 and PAdES signatures. Legal validity depends on the certificate you sign with (for example an eIDAS qualified certificate or an ICP-Brasil certificate). The library handles the cryptography and the PDF structure correctly, which is what validators such as pdfsig and Adobe Reader check.

Does it support long-term validation (LTV)?

Yes. After signing you can append a Document Security Store with certificates and CRLs (PAdES B-LT) and an RFC 3161 document timestamp (PAdES B-LTA), all offline. A trusted external TSA and live OCSP fetching are the only parts that need network infrastructure.

Do I need a license to sign in Python?

Signing is a corporate feature, so it requires an active license token. Basic PDF generation in Python is free. The same offline Ed25519 token unlocks signing across every language.

Digitally Sign a PDF in Python (PAdES)

One Rust core, the same output across every language. Prototype for free, license the corporate features when you ship.

Read the Python docs View pricing & licensing
PAdES signatures rust-pdf for Python Signing in Go Signing in PHP Signing in Ruby Signing in Node.js Signing in C# PDF/A in Python Encryption in Python Python docs