Protect a PDF with a password
Add a password to lock your PDF, or remove an existing one. 100% in your browser — your file never leaves your device.
How to protect a PDF
- Drop your PDF or click to choose it.
- Enter a strong password and confirm it.
- Pick what users with the password can do — print, copy, edit.
- Click Protect & download. The locked PDF is downloaded automatically.
- Save your password somewhere safe — there's no recovery if you lose it.
What does "Protect PDF" actually do?
Protecting a PDF adds password-based encryption to the file. A PDF reader (Adobe Acrobat, Preview, Chrome, Firefox, your phone's PDF viewer) will refuse to open the document — or refuse to allow certain actions — without the correct password.
PDF encryption has two flavours, and PDFtez can apply them either separately or together:
- User password (the "open" password). Without this, the PDF can't be opened at all. This is what most people mean by a "password-protected PDF". Modern PDF software uses AES-256 to encrypt the file content; brute-forcing a long random password takes longer than the heat death of the universe.
- Owner password + permissions (the "restrictions" password). The file opens freely, but the reader enforces restrictions like "no printing", "no copying text", "no editing", or "no filling forms". Anyone with the owner password (or with software that ignores the restrictions) can lift them. This is a soft barrier rather than hard encryption.
PDFtez lets you choose which restrictions to apply when you set a password: print, copy text, modify, and fill forms. By default print and fill forms are allowed and copy and modify are blocked — sensible defaults for sharing a document you want read but not altered.
When to use Protect PDF
Add a password whenever the document contains information you would not want a stranger to read if they intercepted the file:
- Sending sensitive documents over email. Tax returns, payslips, medical records, contracts — anything you would not want to leak from a forwarded inbox or a misaddressed message.
- Sharing scanned ID via insecure channels. When you have to send a passport or driver-licence scan to a real-estate agent, share it as a password-protected PDF and send the password over a different channel (text message or call).
- Posting protected PDFs to client portals. Many client portals leak preview thumbnails; a password ensures only the right person can read the content.
- Distributing read-only documents. Use the owner-password + restrictions flow to release a document recipients can read but not print, copy, or edit — useful for review-only versions of contracts or proposals.
- Archiving personal records. Encrypt the PDFs of bank statements and tax returns before backing them up to cloud storage, so a leaked cloud account doesn't equal a leaked life history.
- Removing inherited restrictions. Use the unlock side of the tool to lift permission restrictions on a PDF you own — for example, removing the "no copy" restriction from an internal report you have permission to extract from.
How PDFtez encrypts your PDFs (under the hood)
Most JavaScript PDF libraries don't support PDF encryption, which is why so few in-browser tools offer this feature. PDFtez uses @cantoo/pdf-lib — a maintained community fork of pdf-lib that adds AES password encryption. When you choose a password, the library:
- Generates a random encryption key for the document.
- Encrypts that key with a key derived from your password (using a key-derivation function — not just your raw password).
- Encrypts the PDF's content streams with AES-256 using the document key.
- Writes a new PDF that includes the encrypted content and the metadata a reader needs to ask for the password and decrypt the file when you supply it.
All of this happens inside your browser. The password you type is never sent anywhere — not to PDFtez, not to a server, not even saved in localStorage. If you lose the password there is no way to recover the file, including by us. That's the point of real encryption.
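To check what a protected file actually contains, the following added example (not PDFtez's or @cantoo/pdf-lib's code) reads the encryption dictionary that a reader uses to prompt for the password, and reports the cipher and the permission flags described earlier. The function names and the sample PDF fragment are constructed for illustration, and the scanner assumes the trailer references the dictionary as an indirect object.

```javascript
// Added example (not PDFtez code): read the /Encrypt dictionary of a PDF.
// Simplified scanner: assumes /Encrypt is an indirect reference in the trailer.
const PERMISSION_BITS = {            // bit positions of the /P flags in the PDF spec
  print: 3, modify: 4, copy: 5, annotate: 6,
  fillForms: 9, extractForAccessibility: 10, assemble: 11, printHighQuality: 12,
};

function classify(v, cfm) {
  if (v === 5) return 'AES-256';                       // crypt filter method AESV3
  if (v === 4) return cfm === 'AESV2' ? 'AES-128' : cfm === 'V2' ? 'RC4' : 'unknown';
  if (v === 1 || v === 2) return 'RC4';
  return 'unknown';
}

function inspectEncryption(pdfText) {
  const ref = /\/Encrypt\s+(\d+)\s+(\d+)\s+R/.exec(pdfText);
  if (!ref) return null;             // no encryption dictionary referenced
  const obj = new RegExp(`(?<!\\d)${ref[1]}\\s+${ref[2]}\\s+obj([\\s\\S]*?)endobj`).exec(pdfText);
  if (!obj) throw new Error('Encrypt object not found');
  const body = obj[1];
  const int = (key) => {
    const m = new RegExp(`/${key}\\s+(-?\\d+)`).exec(body);
    return m ? parseInt(m[1], 10) : undefined;
  };
  const cfm = (/\/CFM\s*\/(\w+)/.exec(body) || [])[1];
  const p = int('P') | 0;            // /P is a signed 32-bit flag word
  const permissions = {};
  for (const [name, bit] of Object.entries(PERMISSION_BITS)) {
    permissions[name] = (p & (1 << (bit - 1))) !== 0;
  }
  const algorithm = classify(int('V'), cfm);
  return { algorithm, revision: int('R'), permissions, legacyCipher: algorithm !== 'AES-256' };
}

// Constructed sample: /O and /U values are placeholders, not real key material.
const SAMPLE_PDF = [
  '%PDF-1.7',
  '7 0 obj',
  '<< /Filter /Standard /V 5 /R 6 /Length 256 /P -1596',
  '   /CF << /StdCF << /CFM /AESV3 /AuthEvent /DocOpen /Length 32 >> >>',
  '   /StmF /StdCF /StrF /StdCF /O <00> /U <00> >>',
  'endobj',
  'trailer << /Root 1 0 R /Encrypt 7 0 R >>',
].join('\n');

console.log(inspectEncryption(SAMPLE_PDF));
```

To run it on a real file in Node, pass `fs.readFileSync(path, 'latin1')` so the bytes map one-to-one onto characters. The permission flags are only instructions to the reader, which is why the owner-password restrictions are a soft barrier while the cipher reported in `algorithm` is what protects the content.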
How is PDFtez Protect different from other online password tools?
Most online PDF password tools (iLovePDF, SmallPDF, PDF24, Adobe online, etc.) upload your file to a server, apply the password there, and send the result back. Think about that for a second: you are protecting a sensitive document by first uploading it (unprotected) to a third party. The server briefly holds the plaintext file, the chosen password, and the encrypted output — exactly the things an attacker would want.
PDFtez does the encryption on your device. The unprotected file never leaves your computer, the password is never transmitted, and the encrypted output is generated entirely inside your browser. For a tool whose entire purpose is privacy, an in-browser implementation is the only design that makes sense.
Frequently asked questions
Is my password sent to PDFtez or stored anywhere?
No. Your password is used inside your browser to derive an encryption key and is then discarded as soon as the file is saved. It is never transmitted to any server, not saved in cookies, not saved in localStorage, and not recoverable by us. If you lose it, the file cannot be opened — by anyone, including us.
What encryption strength does PDFtez use?
AES-256, the same standard used by modern Adobe Acrobat, Microsoft Office, and US government documents. With a strong password (12+ characters, mix of letters, numbers, symbols), brute-forcing is computationally infeasible. With a short or common password ("password123"), no encryption can save you — strength is bounded by your password.
Can the password be removed?
Yes — switch to the "Remove password" tab, drop the file, enter the password, and PDFtez writes an unencrypted copy. If the file is restricted only at the owner-password level (printing/copying blocked, but the file opens freely), leave the password field blank and click Unlock — restrictions will be lifted.
How strong does my password need to be?
For a document that's only mildly sensitive (a draft contract emailed to a known recipient over a separate channel) 8–10 characters is fine. For genuinely sensitive material (medical records, financial archives) use at least 14 characters, mixing case, digits, and a symbol — or use a password manager to generate one. The strength bar shows roughly how good your password is in real time as you type.
Will my protected PDF open in Adobe, Preview, Chrome, and on mobile?
Yes. PDFtez uses standard PDF AES encryption defined in the PDF specification, so any compliant reader can open the file — Adobe Acrobat, macOS Preview, Chrome, Firefox, Edge, and the PDF viewers in iOS, iPadOS, and Android all support it. The reader will prompt the user for the password on open.
Does it work on mobile?
Yes — Safari on iOS and Chrome on Android both work. The encryption runs in JavaScript inside your browser; modern phones have more than enough CPU for AES on documents up to several hundred megabytes.