Protect PDF: Free AES-256 Encryption
Add password protection and permission controls to any PDF. AES-256 encryption with full permission control — all processed in your browser. 100% private, your files and password never leave your device.
AES-256 Encryption
The strongest PDF encryption standard (PDF 2.0). Same level of protection used by banks, governments, and Adobe Acrobat.
Permission Controls
Restrict printing, editing, copying, and content extraction independently. Set both user and owner passwords for layered security.
100% Private
Your password and files never leave your device. The encryption engine runs entirely in your browser — not on a server.
Protect PDF with Password
AES-256 encryption powered by Web Crypto API
Your PDF never leaves your browser. Our encryption engine runs entirely in JavaScript using the Web Crypto API — no server uploads, no network requests, complete privacy.
A Technical Achievement
Full AES-256 PDF encryption running entirely in your browser
The Challenge We Solved:
- ▸ PDF 2.0 Spec: AES-256 encryption requires Algorithm 2.B (iterative SHA-256/384/512 + AES-128-CBC key derivation).
- ▸ Per-Object Encryption: Every string and stream in the PDF must be individually encrypted with unique IVs.
- ▸ Zero Dependencies: Built on Web Crypto API + pdf-lib only — no heavyweight crypto libraries needed.
Our Solution:
- ✓ Web Crypto API: Hardware-accelerated AES-256-CBC + SHA-256/384/512 via the browser's native crypto
- ✓ ISO 32000-2 Compliant: Implements Algorithms 2.B, 8, 9, 10 — verified against pdf.js and Adobe Acrobat
- ✓ Dual Algorithm Support: AES-256 (V=5, R=6) for modern security + RC4 128-bit (V=2, R=3) for legacy compatibility
- ✓ Full Permission Control: 8 independent permission flags (print, copy, modify, annotate, forms, extract, assemble, hi-res print)
For Developers:
Interested in adding PDF encryption to your own projects? We've open-sourced our encryption engine as npm packages with both AES-256 and RC4 support.
@pdfsmaller — AES-256 + RC4 • ISO 32000-2 compliant • Web Crypto API • Zero heavy dependencies • Browsers, Workers, Deno
True Privacy Without Compromises
Your files never leave your browser — not even for a millisecond
🚫 What We DON'T Do:
- ❌ Upload your files anywhere
- ❌ Send data to any server
- ❌ Make any network requests
- ❌ Store or cache your files
- ❌ Track or analyze your data
- ❌ Share with third parties
✅ What We DO:
- ✓ Encrypt in your browser's memory
- ✓ Use Web Crypto API (hardware-accelerated)
- ✓ Process in milliseconds
- ✓ Return encrypted file immediately
- ✓ Release memory after download
- ✓ Work completely offline
Lightning Fast
AES-256 encryption in seconds
AES-256
Same encryption as banks and governments
Universal
Works with all modern PDF readers
Password Protect PDF Files Online
Need to password protect a PDF? Our free PDF encryption tool adds AES-256 encryption to your documents entirely in your browser. Unlike iLovePDF or SmallPDF that upload your sensitive files to remote servers before encrypting them, our tool never transmits your document or password — everything runs as JavaScript on your device using the Web Crypto API. This is the most private way to protect a PDF online.
Understanding PDF Security
PDF documents support two types of password protection, and understanding the difference is key to securing your files properly:
User Password (Open Password)
Required to open the PDF at all. Without this password, the document cannot be viewed. This is the strongest form of protection.
Use when: You want only specific people to access the document contents.
Owner Password (Permissions Password)
Controls what users can do with the PDF after opening it. Restrict printing, editing, copying text, and content extraction independently.
Use when: You want people to view but not print, copy, or edit the document.
Our Browser-Side Encryption Engine
Most online PDF tools upload your file to a server, encrypt it there, and send it back. This means your unencrypted document and your chosen password travel across the internet and exist on someone else's server, even if briefly.
We took a different approach. We built a complete AES-256 PDF encryption engine that runs entirely in your browser. It uses the Web Crypto API for hardware-accelerated AES-256-CBC and SHA-256/384/512 operations, implements the full ISO 32000-2 standard (Algorithms 2.B, 8, 9, and 10), and encrypts every string and stream object in the PDF with unique initialization vectors — all without making a single network request.
You can verify this yourself: open your browser's Developer Tools (F12), switch to the Network tab, and protect a PDF. You'll see zero outgoing requests. Your file and password literally cannot leave your device because there is no server endpoint to send them to.
How to Password Protect a PDF
- Select your PDF file from your device or drag and drop
- Choose a strong password for your PDF
- Set permissions (optional): restrict printing, editing, and copying
- Click Protect and download your encrypted PDF instantly
When You Need to Protect a PDF
Business Reports
Protect confidential financial reports, board presentations, and strategy documents before sharing with stakeholders.
Medical Records
Add password protection to patient records and medical documents to comply with HIPAA requirements when sharing electronically.
Legal Documents
Secure contracts, legal briefs, and attorney-client privileged documents with encryption before email transmission.
Financial Statements
Protect bank statements, tax returns, and financial records with passwords before sharing with accountants or advisors.
Tax Returns
Add encryption to completed tax forms containing sensitive personal and financial information before emailing to your CPA.
HR Documents
Protect employee records, offer letters, performance reviews, and salary information with restricted access.
PDF Smaller vs Other PDF Protection Tools
| Feature | PDF Smaller | iLovePDF | SmallPDF | Adobe Acrobat |
|---|---|---|---|---|
| Price | 100% Free | $6-9/month | $12/month | $20/month |
| Password Never Sent to Server | Yes | No | No | Desktop only |
| Permission Controls | Full (8 flags) | Yes | Basic | Full |
| Encryption | AES-256 | AES 128/256 | AES 128 | AES 256 |
| Works Offline | Yes* | No | No | Desktop only |
*After initial page load, the encryption engine works without internet connection.
Frequently Asked Questions
What type of encryption does this tool use?
We use AES-256 encryption by default, which is the strongest PDF encryption standard (PDF 2.0, V=5, R=6). This is the same level of encryption used by banks, governments, and Adobe Acrobat. We also offer RC4 128-bit as a legacy option for compatibility with very old PDF readers.
How secure is AES-256 encryption?
AES-256 is the gold standard of symmetric encryption. It would take billions of years to brute-force a 256-bit AES key with current technology. Your password-protected PDFs are as secure as the password you choose — use at least 12 characters with a mix of letters, numbers, and symbols.
What is the difference between owner and user passwords?
The user password (open password) is required to open the PDF at all. The owner password controls permissions like printing, editing, and copying. You can set both for maximum security, or just the user password to simply restrict who can view the document.
Can I restrict printing but allow viewing?
Yes! You can set granular permissions to allow viewing while restricting printing, editing, copying, or any combination. We support all 8 PDF permission flags: printing, high-quality printing, copying, modifying, annotating, form filling, extraction, and page assembly.
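The eight flags named above are stored as individual bits of the signed 32-bit /P integer in the PDF's encryption dictionary. The following is an added example, not PDF Smaller's own code: it encodes and decodes that integer using the bit positions from the ISO 32000 permission table, and the flag names and function names are labels chosen for this illustration.

```javascript
// Added example. Bit numbers are 1-based, as in the ISO 32000 permission table.
// The property names are this example's own labels for the page's eight flags.
const PERMISSION_BITS = {
  print: 3, modify: 4, copy: 5, annotate: 6,
  forms: 9, extract: 10, assemble: 11, hiResPrint: 12,
};

// Reserved bits: 7-8 and 13-32 are written as 1, bits 1-2 as 0.
const RESERVED_ONES = 0xfffff0c0;

// Build the /P value from a list of allowed operations.
function encodePermissions(allowed) {
  let p = RESERVED_ONES;
  for (const name of allowed) {
    const bit = PERMISSION_BITS[name];
    if (bit === undefined) throw new RangeError(`unknown permission: ${name}`);
    p |= 1 << (bit - 1);
  }
  return p | 0; // /P is written as a signed 32-bit integer
}

// Turn a /P value back into { flagName: boolean }.
function decodePermissions(p) {
  const result = {};
  for (const [name, bit] of Object.entries(PERMISSION_BITS)) {
    result[name] = ((p >>> (bit - 1)) & 1) === 1;
  }
  return result;
}

// Check that the reserved bits carry the values the format expects.
function hasValidReservedBits(p) {
  return (p & 3) === 0 && (p & RESERVED_ONES) === (RESERVED_ONES | 0);
}

// View-only document: nothing allowed beyond opening it.
console.log(encodePermissions([]));
// Low and high resolution printing allowed, everything else restricted.
console.log(encodePermissions(['print', 'hiResPrint']));
console.log(decodePermissions(encodePermissions(['print', 'hiResPrint'])));
```

The result is a plain integer that each reader interprets for itself, so when reviewing a protected file it is worth decoding /P and confirming it matches the restrictions you intended.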
Will all PDF readers respect the restrictions?
All major PDF readers (Adobe Acrobat, Preview, Chrome, Edge, Firefox) enforce PDF permission restrictions. Some third-party tools may bypass owner-only restrictions, but a user password always prevents unauthorized access.
Can I protect multiple PDFs at once?
Currently the tool processes one PDF at a time to ensure you can set unique passwords for each document. For batch protection with the same password, process each file individually — it only takes a few seconds per file.
Is my password stored anywhere?
No. Your password never leaves your browser. The entire encryption process runs as JavaScript in your browser using the Web Crypto API. There is no server involved — you can verify this by checking your browser's Network tab during encryption. Zero requests are made.
Can I remove the password later?
Yes! Use our free Unlock PDF tool to remove passwords from PDFs you own. You will need to know the current password to unlock the file.
Does encryption increase the file size?
AES-256 encryption adds slightly more overhead than RC4 due to per-object IVs and PKCS#7 padding, but typically less than 5% of the original file size. RC4 adds less than 1%. Both produce files virtually the same size as the original.
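The per-object IVs and PKCS#7 padding mentioned here, and the per-object encryption described in the engine overview, can be seen in a short Web Crypto sketch. This is an added example, not PDF Smaller's source: it assumes the PDF 2.0 layout in which each string or stream is stored as a 16-byte random IV followed by its AES-256-CBC ciphertext, and it uses a constructed key in place of the one a real file derives from the password via Algorithm 2.B.

```javascript
// Added illustration, not the tool's source. Browsers expose globalThis.crypto;
// the require() fallback is only for running this offline in older Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Import a raw 32-byte file encryption key for AES-256-CBC.
async function importFileKey(rawKey) {
  if (rawKey.length !== 32) throw new RangeError('AES-256 needs a 32-byte key');
  return webCrypto.subtle.importKey('raw', rawKey, { name: 'AES-CBC' }, false,
    ['encrypt', 'decrypt']);
}

// Encrypt one string or stream: fresh random IV, stored in front of the ciphertext.
async function encryptObject(key, plaintext) {
  const iv = webCrypto.getRandomValues(new Uint8Array(16));
  const ct = await webCrypto.subtle.encrypt({ name: 'AES-CBC', iv }, key, plaintext);
  const stored = new Uint8Array(16 + ct.byteLength);
  stored.set(iv, 0);
  stored.set(new Uint8Array(ct), 16);
  return stored;
}

// Reverse the layout: the first 16 bytes are the IV, the rest whole AES blocks.
async function decryptObject(key, stored) {
  if (stored.length < 32 || stored.length % 16 !== 0) {
    throw new RangeError('expected IV plus whole 16-byte blocks');
  }
  const pt = await webCrypto.subtle.decrypt(
    { name: 'AES-CBC', iv: stored.subarray(0, 16) }, key, stored.subarray(16));
  return new Uint8Array(pt);
}

// Stored size: 16-byte IV plus the plaintext padded to the next block (1..16 bytes).
function storedLength(plainLength) {
  return 16 + (Math.floor(plainLength / 16) + 1) * 16;
}

// Constructed sample: the same 12-byte string encrypted twice under one key.
async function demo() {
  const key = await importFileKey(new Uint8Array(32).fill(7)); // constructed key
  const text = new TextEncoder().encode('Confidential');
  const first = await encryptObject(key, text);
  const second = await encryptObject(key, text);
  const differs = first.some((byte, i) => byte !== second[i]);
  const roundTrip = new TextDecoder().decode(await decryptObject(key, first));
  return { differs, storedBytes: first.length, roundTrip };
}
```

Because every object carries its own IV and at least one padding byte, files made of many short strings grow proportionally more than files dominated by a few large streams.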
Can I password-protect a PDF on my phone?
Yes! Our tool works on any device with a modern browser. The encryption engine runs entirely in JavaScript using the Web Crypto API, so it works on iPhones, Android phones, tablets, and desktop computers — no app installation required.