PDF Password Protect
Document security and compliance for your PDFs. Free, in your browser.
.pdf · up to 100 MB
Why use it
Protect your PDFs with AES-256 password encryption
Industry-standard encryption
AES-256, the same standard used by governments and banks to protect sensitive information.
Password never leaves your device
All encryption happens in your browser. No data is ever sent to our servers.
Permission control
Restrict printing, copying, editing, and page extraction independently.
Instant
AES-256 encryption completed in seconds, directly in your browser.
How it works
Three steps, no hassle
Upload your PDF
Drag or select your PDF file. Everything happens in your browser: the file never leaves your device.
Set your password and permissions
Define the opening password and optionally restrict printing, copying, or editing the document.
Download your protected PDF
The resulting PDF is encrypted with AES-256. Download with one click and share it securely.
FAQ
Got questions?
The user password (also called the open password) is required to open the PDF: without it, the document cannot be read. The owner password (or permissions password) does not block opening, but restricts operations: printing, copying text, editing, or extracting pages. Both can be set independently.
The modern standard is AES-256 (Advanced Encryption Standard, 256-bit key), introduced in PDF 1.7 (Adobe Acrobat 9) and mandated in PDF 2.0 (ISO 32000-2). Earlier versions used 40-bit RC4 (PDF 1.1–1.3) or 128-bit RC4 (PDF 1.4–1.6). Only AES-256 is considered cryptographically secure long-term.
How long a protected PDF resists cracking depends on password length and complexity. Short passwords (under 8 characters, letters only) can be broken with dictionary attacks in hours. With AES-256 and a 12+ character password with symbols, a brute-force attack would require more time than the age of the universe with current hardware. The protection is only as strong as the password you choose.
The PDF specification defines permission flags that can be toggled: printing (normal or high-resolution), modifying content, copying/extracting text and images, adding annotations and forms, filling forms, extracting pages, and assembling the document. These permissions are controlled by the owner password.
Yes. Encryption happens entirely in your browser using the Web Crypto API (AES-256 based). The password is never sent to any server: the only place it exists is on your device and in the encrypted PDF you download. You can verify this by opening developer tools and checking that no network requests are made during the process.
PDF encryption evolution: from RC4 to AES-256
Password protection in PDF has a history shaped by cryptographic evolution. PDF 1.1 (1994) introduced the first security mechanism using 40-bit RC4 — weak even by the standards of the time, but constrained by US cryptography export regulations. PDF 1.4 (2001) extended RC4 to 128 bits. The decisive leap came with PDF 1.6 (2004), which added 128-bit AES, and PDF 1.7 (2008), which added 256-bit AES.
ISO 32000-2 (PDF 2.0, 2017) formally deprecated RC4 and established AES-256 as the only valid encryption algorithm for new implementations. It defines two standard security handlers: password-based and certificate-based (X.509 digital certificates). Permission flags are stored encrypted in the PDF's encryption dictionary and can only be modified with knowledge of the owner password. FIPS 140-2 compliance requires AES-256 for government and regulated-industry applications.
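To check which of the algorithms above a received PDF actually uses, and which operations it permits, you can inspect its encryption dictionary. The sketch below is an added example, not this tool's code: it assumes the `/Encrypt` dictionary text has already been extracted from the file, and the function names and sample dictionaries are constructed for illustration. It reads the permission flags from the plain `/P` integer (AES-256 documents additionally carry an encrypted copy in `/Perms`).

```javascript
// Added example: classify a PDF /Encrypt dictionary and decode its /P flags.
// Bit numbers are 1-based, as in the permissions table of ISO 32000.
const PERMISSION_BITS = {
  print: 3, modify: 4, copy: 5, annotate: 6,
  fillForms: 9, accessibilityExtract: 10, assemble: 11, printHighRes: 12,
};

// Read an integer entry such as "/V 5" or "/P -3644" from the dictionary text.
function intEntry(dict, key) {
  const m = new RegExp(`/${key}\\s+(-?\\d+)`).exec(dict);
  return m ? parseInt(m[1], 10) : undefined;
}

// /P is a signed 32-bit integer; a set bit means the operation is allowed.
function decodePermissions(p) {
  return Object.keys(PERMISSION_BITS)
    .filter((name) => (p & (1 << (PERMISSION_BITS[name] - 1))) !== 0);
}

function auditEncryptDict(dict) {
  const v = intEntry(dict, 'V') ?? 0;
  const cfm = (/\/CFM\s*\/(\w+)/.exec(dict) || [])[1]; // crypt filter method
  let algorithm = 'unknown';
  if (v === 1) algorithm = 'RC4-40';
  else if (v === 2) algorithm = `RC4-${intEntry(dict, 'Length') ?? 40}`;
  else if (v === 4 && cfm === 'AESV2') algorithm = 'AES-128';
  else if (v === 4 && cfm === 'V2') algorithm = 'RC4';
  else if (v === 5) algorithm = 'AES-256';
  return {
    algorithm,
    revision: intEntry(dict, 'R'),
    // The page's baseline: only AES-256 counts as secure long-term.
    meetsBaseline: algorithm === 'AES-256',
    allowed: decodePermissions(intEntry(dict, 'P') ?? 0),
  };
}

// Constructed sample dictionaries (/O and /U strings omitted for brevity).
const SAMPLES = {
  legacy: '<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 >>',
  aes128: '<< /Filter /Standard /V 4 /R 4 /Length 128 /CF << /StdCF ' +
    '<< /CFM /AESV2 /Length 16 >> >> /StmF /StdCF /StrF /StdCF /P -4 >>',
  modern: '<< /Filter /Standard /V 5 /R 6 /Length 256 /CF << /StdCF ' +
    '<< /CFM /AESV3 /Length 32 >> >> /StmF /StdCF /StrF /StdCF /P -3644 >>',
};

for (const [name, dict] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditEncryptDict(dict)));
}
```

A real file may keep the dictionary in a compressed object stream, so run this on the output of a PDF parser rather than on raw bytes.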
From a compliance standpoint, protecting PDFs with AES-256 is relevant for GDPR, HIPAA (US medical information), and standards such as ISO 27001. However, password protection is not equivalent to a digital signature and does not guarantee document integrity. For that, an X.509 certificate-based digital signature is required, regulated in the EU by the eIDAS Regulation and equivalent frameworks globally.