Password Protect PDF: AES Encryption That Stays in Your Browser

How PDF encryption actually works

PDF encryption follows the PDF specification (ISO 32000) and uses one of three algorithms depending on the PDF version. RC4 was the original, used in PDF 1.4 and earlier; it is now considered obsolete and is no longer the default in any reputable tool. AES-128 (PDF 1.6) is the modern default: a symmetric block cipher with a 128-bit key. AES-256 (PDF 1.7 Extension Level 3) is the newer option with a 256-bit key. Both AES variants are considered secure against brute force; the difference is mostly a wider security margin for AES-256 and slightly stricter password handling.

When you protect a PDF, the tool generates a random encryption key, encrypts the page content streams with that key, and then encrypts the key itself using a value derived from your password. To open the file later, a reader takes the password you type, derives the same value, decrypts the key, and uses the key to decrypt the pages. The PDF stores the security dictionary (algorithm, parameters, encrypted key) but does not store your password directly; that means once you lose the password, the file cannot be opened by anyone.

Why a browser-based tool is safer for this

Every other free PDF protection tool requires uploading both the file and the password to their server. The server encrypts the file and then (according to the tool's privacy policy) deletes both. Smallpdf says one hour. iLovePDF says two hours. PDF24 says one hour. Even with strong transport encryption and a stated deletion policy, this is more exposure than necessary. A password that ever leaves your device, even briefly, is a password that could be logged, intercepted, or leaked.

Gizmoop's protector uses @cantoo/pdf-lib (the maintained MIT-licensed fork of pdf-lib with encryption support). All cryptographic operations run in your browser tab, using your browser's built-in crypto primitives. The password is read from the input box into a JavaScript string, used to derive the key, and then dropped from memory when the operation finishes. No part of it reaches our infrastructure. You can verify this by opening Developer Tools, switching to the Network tab, and watching what happens when you click Protect: no requests carrying your file or password go out.

User password vs. owner password

PDF encryption supports two distinct passwords. The user password (sometimes called the "open password") is required to open the document. Without it, the reader cannot decrypt any page. The owner password (sometimes called the "permissions password") controls who can change permissions like enabling printing or copying. A user who knows only the user password can open and read the file but cannot bypass any restrictions the owner set.

For most simple use cases, both passwords are the same. Set one password, share it with the recipient, and that recipient can both open and (if they really need to) change permissions. For advanced use cases like sending a document to a client who should view it but never edit it, set distinct user and owner passwords. The client gets only the user password.

Choosing AES-128 vs. AES-256

AES-128 is the default in our tool because every PDF reader from 2006 onward supports it. Adobe Reader, Preview, Chrome's PDF viewer, Edge, Foxit, Sumatra, Okular, and every modern mobile reader all open AES-128 encrypted PDFs without complaint. The 128-bit key has no known practical attacks; brute-forcing it would take billions of years with current computers.

AES-256 (PDF 1.7 Extension Level 3) is supported by Adobe Reader 9 (2008) and later, modern Preview, recent Chrome and Edge, Foxit, and most current readers. Older readers or specialized PDF tools may fail to open AES-256 files. The wider security margin of AES-256 is unlikely to matter for any threat model that does not already justify enterprise-grade key management. Default to AES-128; switch to AES-256 only if your environment requires it.

Permissions you can lock down

The PDF spec defines several permission flags. Printing can be allowed (high resolution or low resolution only) or blocked. Copying text and images can be allowed or blocked. Modifying the document (adding pages, editing text, repositioning content) can be allowed or blocked. Annotating (highlights, comments, sticky notes) can be allowed or blocked separately. Filling form fields can be allowed even when modifying is blocked. Content access for screen readers can be allowed (recommended for accessibility) or blocked. Document assembly (insert, delete, rotate pages) can be allowed or blocked.

Important caveat: permissions are an honor-system signal. Most reputable readers respect them, but specialized tools can bypass them if the owner password is unknown. They are not a substitute for encryption when you actually want to control who can see content; they are a way to discourage casual misuse by people who can already open the file.

What encryption does not protect against

Encryption protects the file. It does not protect against a recipient who has the password from then using the content however they like. Once someone opens the PDF, they can read it, screenshot it, retype it, photograph the screen, or rebuild it page by page. PDF encryption is not DRM. If your threat model includes a recipient with intent to leak, no PDF tool will help you; you need contractual or technical controls outside the document itself.

Password strength matters more than algorithm

AES-128 and AES-256 are equally vulnerable to one thing: a weak password. The encryption key is derived from your password, so guessing the password is equivalent to having the key. Use a long password (12+ characters), mix uppercase, lowercase, digits, and symbols, and never reuse a password from another account. The strength meter in our tool gives a quick read but ultimately your password is your responsibility. Tools like Bitwarden or 1Password can generate genuinely strong unique passwords.

Sharing the password safely

Send the password via a different channel than the file. If you email the PDF, send the password by SMS, phone call, or in a separate encrypted messenger like Signal. Never send the password in the same email as the file (an attacker who reads the email gets both). For organizational use, share passwords through a password manager's sharing feature.

Working with already-protected PDFs

The tool can re-protect a PDF that you have already opened with a known password. Use our Unlock PDF tool first to remove the existing protection (you must know the password; the tool does not crack passwords), then run the unlocked file through Protect PDF with a new password. If you need to change the permissions on a protected PDF without changing the user password, the same unlock-then-reprotect workflow applies.

Comparison with iLovePDF, Smallpdf, PDF24, Sejda

iLovePDF: requires upload; gates granular permissions behind Premium prompts; 100 MB free file cap. Smallpdf: requires upload; only AES-128; caps free at 2 tasks/day. PDF24: requires upload; only AES-256; otherwise the most generous free tier among server-based tools. Sejda: requires upload; capped at 50 MB and 3 tasks per hour on free. Gizmoop: no upload, both AES-128 and AES-256, every permission flag, no quota, no signup, no file size cap. The combination is unique among free PDF tools.

What if you forget the password?

You will not be able to open the file. We cannot recover it because the password was never sent to us. No reputable tool can crack a properly chosen AES password in reasonable time. Save the password in a password manager before sharing the encrypted file. If you forget the password on a PDF you encrypted with a weak password, dictionary attacks may eventually succeed, but the time investment is significant and unreliable. Treat the password as the single point of failure that it actually is.