Password protect PDF files online for free with AES-128 encryption. Set user & owner passwords, control printing and copying — 100% browser-based, no upload, your file never leaves your device.
Drop your PDF here or click to select
Add AES-128 password encryption — processed entirely in your browser
Enter a password to see strength.
The owner password bypasses the permission restrictions below. If blank, the user password is used for both.
PDF protected with AES-128 encryption
Keep your password safe — it cannot be recovered if lost.
Pages
-
Original Size
-
Protected Size
-
Password Protect PDF adds AES-128 encryption to your PDF files directly in your browser. Once protected, the PDF requires the correct password to open — content, text, and metadata are all encrypted using cryptographically secure algorithms. All encryption runs locally using a pdf-lib fork that implements the PDF 1.7 Standard Security Handler. Your file and password are never uploaded to any server.
PDF supports two separate passwords: the user password is required to open the document, while the owner password allows full access and bypasses permission restrictions. Setting both lets you share the user password with readers who can only do what you allow (e.g., read but not print), while keeping the owner password for yourself to retain full editing control.
Essential terms and definitions related to Password Protect PDF — AES Encryption.
Advanced Encryption Standard with a 128-bit key, adopted as a US federal standard and used worldwide in banking, TLS/HTTPS, disk encryption, and PDF protection. AES-128 is considered cryptographically secure — brute-forcing a random 128-bit key would take billions of years with current technology.
The encryption subsystem built into the PDF specification. Revision 4 uses AES-128 with granular permissions, and is the format used by this tool. Revision 5/6 use AES-256 and are supported by modern viewers but not universally.
The password required to open and read the PDF. Without it, the document content is encrypted and unreadable even with PDF-editing software.
A higher-privilege password that bypasses the permission restrictions placed on the document. Holders of the owner password can open the PDF and perform all actions regardless of the restrictions set on readers with the user password.
A set of flags in the encryption dictionary that tell conforming PDF viewers which actions to allow when the document is opened with the user password. Standard flags include printing, copying, modifying, annotating, form filling, assembly, and accessibility. Enforcement is advisory — protection comes from the encryption itself.
No. Encryption happens entirely in your browser using the PDF Standard Security Handler implementation. Your file and password are never transmitted or stored remotely. When you close the tab, the password disappears from memory, leaving only the encrypted file you downloaded.
This tool uses AES-128 bit encryption (PDF Standard Security Handler Revision 4), which is the widely supported PDF encryption standard. AES-128 is cryptographically secure — there is no practical attack against it besides brute-forcing the password. Virtually every PDF viewer on desktop, mobile, and web supports AES-128 encryption.
The <strong>user password</strong> is required to open the document. The <strong>owner password</strong> is required to bypass the permission restrictions you set (printing, copying, editing, etc.). If you leave the owner password blank, the tool uses your user password for both. Setting them separately is useful when you want to share the open password with readers while retaining owner rights for yourself.
Yes. After the password is entered, the PDF enforces fine-grained permissions: print (yes/no), copy text and graphics (yes/no), edit/modify content (yes/no), add annotations (yes/no), fill forms (yes/no), document assembly (yes/no), and content accessibility (highly recommended to keep enabled for screen readers). Most viewers respect these flags; a few (like some rare third-party tools) may ignore them, which is why encryption is the primary barrier.
No. AES-128 is cryptographically strong — there is no backdoor, recovery mechanism, or "reset" option. If you lose the password, the only way to open the PDF is to remember or guess it. Always store the password in a trusted password manager (1Password, Bitwarden, KeePass) immediately after creating it.
At minimum, use 12 characters combining uppercase letters, lowercase letters, digits, and symbols. Longer is always better — a 16-character passphrase like <code>Correct-Horse-Battery-99</code> is easier to remember and harder to crack than a short random string. Never reuse a password you use for other accounts. Avoid common words, birth dates, and keyboard patterns (qwerty, 12345).
Common errors developers encounter and how to resolve them.
PDF opens without asking for a password Some older viewers cache previously-opened files and skip the prompt. Close the viewer completely and re-open the file. You can also verify encryption by attempting to open the PDF in a different viewer (Chrome's built-in PDF viewer, Firefox, or Adobe Reader).
Viewer says "This PDF has restricted permissions" but still opens This is expected behavior. The user password restricts full-access features only — if printing, copying, or editing was disabled during protection, the viewer will show this notice but the document remains readable.
Encryption fails with "Failed to protect PDF" This happens when the source PDF is already encrypted or uses an uncommon PDF structure. Run the file through the Unlock PDF tool first to remove existing encryption, then apply new protection. If the file is not encrypted but still fails, try the PDF Compressor tool to rebuild the file structure.
Printing remains enabled even when I disabled it Some PDF viewers ignore permission flags (notably certain mobile viewers and browser built-ins). Permissions are advisory enforcement by the viewer. The encryption itself is what prevents unauthorized access — for strict printing prevention, consider additional methods like DRM systems beyond standard PDF encryption.