How to encrypt a PDF with & without a password

How to encrypt PDF files to prevent unauthorized access, sharing, copying, editing

How to encrypt PDF files with & without passwords to prevent unauthorized access, copying, sharing, editing.  Why PDF encryption with passwords is useless.

  PDF files and encryption

Document encryption categories can typically be divided into two categories: those that use passwords and those that use more secure encryption keys.

Here we show you how to:

1. Encrypt a PDF with a password
   1. Encrypt a PDF online
   2. Encrypt a PDF with an expiring password
   3. Encrypt a PDF on a Mac
   4. Encrypt a PDF using MS Word
2. Encrypt a PDF without a password
   1. Encrypt a PDF using PKI
   2. Encrypt a PDF using DRM

As well as the advantages and disadvantages of each protection method.

  Encrypted PDF meaning

An encrypted PDF refers to a Portable Document Format file that has utilized encryption technologies to become unreadable without the correct tools or passwords.  The idea is to protect sensitive information contained in the PDF document from malicious or unauthorized readers.

In Adobe Acrobat password encryption, a user can enter a combination of numbers, letters, and symbols to protect a randomly generated encryption key that is used to encrypt the contents of their document.  This is achievable with a range of modern encryption algorithms, including 265-bit AES, 128-bit AES, and RSA.

Once the PDF has been scrambled by the encryption algorithm, only the entry of the correct password can decrypt the contents and enable access.

   PDF password encryption: benefits and drawbacks

PDF passwords have some uses, but you should be aware of their advantages and disadvantages before you use them for anything serious.

  Benefits

Passwords have been around for thousands of years, and using them to encrypt PDF files has several benefits:

• Passwords are easy to explain to users.  Most employees are already trained on what makes a secure password because it is a common internet security method.
• If strong encryption is used, only people who know the password can open the document.
• It doesn’t require additional software – you can password-protect a PDF from many PDF reader applications.
• Users can store their passwords in a password manager as an encrypted file.  In this case, the authentication method cannot be extracted from a server or computer (i.e from a plain text file).

  Drawbacks

Unfortunately, the drawbacks of password-protected PDFs outweigh the benefits for most businesses:

• Passwords are easy to share.  You can’t stop authorized users from sharing them with unauthorized ones.   This grants them access to encrypted documents.
• If a user knows the open password for a PDF then they can remove it.
• Hackers have been devising ways to crack passwords for decades.  Password brute force can rapidly try thousands of combinations from dictionaries of common terms and phrases.
• Only very long and complex passwords are resistant to brute force or dictionary attacks.  And to avoid putting all of your eggs in one basket, different documents need different passwords.   Practically, it becomes impossible to remember passwords at scale and so ultimately a password infrastructure must be in place if you want to maintain security.
• You have to send passwords securely to each user for each document – that requires management overheads and associated costs.
• You will need a tech support infrastructure too since users will regularly forget the passwords to their documents.
• Password resets cost businesses approx. $70 each so valuable time and money is lost.
• Passwords are easier to phish or social engineer than other authentication methods.
• You won’t know if a password has been compromized and can’t change it even if you do.
• Acrobat PDF password encryption is not secure as there are no integrity checks/control.  Researchers have been able to reliably extract information from an encrypted PDF using direct exfiltration and malleability attacks.
• Editing and printing protections are not protected by encryption and are therefore easily bypassed.

   How to encrypt a PDF with a password

There are several instances where PDF password encryption may provide “good enough” protection for your use case.  For example, when you are just looking to protect some personal files on your computer or in a cloud service when they are not in use.  Below we’ll show you how to encrypt a PDF with a password with one of the most popular PDF editors, Adobe Acrobat Pro DC:

1. Open your PDF in Adobe Acrobat and press the ‘Protect’ button on the right-hand side (the shield icon).
   
2. Press ‘Advanced Options > Encrypt with Password’ in the top bar.
   
3. In the PDF password security dialogue, enter a PDF open password to use as the encryption key.  Optionally, add a permissions password to control editing and printing – but be aware that this can be easily removed once the document has been opened.
   
4. In the ‘Options’ section, click the dropdown next to ‘Compatibility’ and choose Adobe Acrobat X or later for the best security.  Adobe Acrobat 7’s 128-bit encryption is also acceptable, since that uses the AES algorithm rather than RC4.  RC4 is an old stream cipher which is considered broken and should not be used.
   
5. Once you have made your selections, click ‘OK’.  You will once again be asked to confirm your password before the changes are permanently saved.

  Encrypting a PDF with an expiring password

Encrypting a PDF with an expiring password is one-way providers try to deliver added security.  The intention is usually to:

• Make passwords expire as soon as they are used to prevent sharing with others.
• Limit how long a leaked password is useful to unauthorized users by making it active only for a reasonable period.
• Prevent outdated documents from remaining in circulation.

Encrypting a PDF with an expiring password has one simple but critical issue: the document has already been decrypted before the password expires.  Unless it is decrypted in memory, users can remove a PDF password in various ways before it expires.  Expiring passwords are of limited use unless the solution has strong anti-circumvention controls and is still subject to the rest of password security’s limitations.

   How to encrypt a PDF file with a password on a Mac

To encrypt a PDF file with a password on a Mac, use the built-in “Preview” program.  Here’s how:

1. Double-click on the PDF file you want to encrypt to open it in Preview.
2. Press the “i” icon at the top of your Preview window.
   
3. In the dialog box that appears, press the padlock icon and tick “Require Password to Open Document”.  The exact text and UI elements may differ depending on your macOS version.
   
4. You will be prompted to set a password for your PDF file.  Enter a strong password that you will remember, as this will be required whenever you want to open the encrypted PDF.  You can optionally set an owner password, too.  Press “Apply”.
   
5. Press ⌘ + S to save the document and its password.
   

When you try to open the encrypted PDF file, you will now be prompted to enter the password you set.  Without the correct password, it will not be possible to access the file’s contents.

Note:  If your PDF file is stored in Google Docs, you will first need to save a copy of the file to your Mac desktop before you can encrypt it.  Once you have the local copy, you can follow the same encryption steps mentioned above.

   How to encrypt a PDF with a password using MS Word

If you have a Word doc that you want to save as PDF and encrypt it with a password, you can do that directly in MS Word.

Here’s how to encrypt a PDF file with a password using Word on a PC:

1. Open the Word document that you want to save as a PDF.
2. Click on the “File” tab, and in the drop-down menu, select the “Save As” option.
   
3. In the “Save as type” dropdown, select “PDF (*.pdf)” as the file format, choose a save location for the PDF file, and give it a name.
   
4. Underneath the file format box, click on the link labeled “More options.”
   
5. A file Explorer window will appear.  Click on the “Options” button.
   
6. In the options menu, select the checkbox next to “Encrypt document with a password.”
   
7. Enter a strong password in the provided fields and press “OK”.  It is recommended to use a combination of at least 16 letters, numbers, and special characters.  Press “Save” to encrypt the PDF.
   

Your Word document will be saved as a PDF file with encryption.  If someone tries to open the PDF in Microsoft Office or any other program, they will be prompted to enter the password you set.

Note that this is a quick way to encrypt a PDF using Word but you can also convert a Word doc to PDF before encrypting it and insert a PDF into Word securely using better protection methods.

   PDF encryption without passwords

Though passwords are a common way to implement PDF encryption, they are certainly not the only one.  Rather than allowing a password to open a document, organizations can encrypt a PDF with public key cryptography, which utilizes pairs of public and private keys.  Examples of these are:

1. Public Key Infrastructure or Certificate encryption

   A system of technologies, processes, policies, and certificates.  Though more secure, than password protection, it is also more complex, and users are provided with PKI credentials, which they can still give to others and are often mismanaged.  PKI solutions include the PDF certificate encryption offered in Adobe Reader and PGP encryption.  Our blog on PDF passwords vs certificates for encryption covers certificate encryption in more detail.

2. PDF DRM with transparent key management

   Uses PKI technology to identify users, but never issues these credentials to users directly.  Instead, it stores keys in an encrypted wallet that cannot be transferred to others (locked to the device).  Locklizard uses a secure and transparent key management system – there are no public/private key pairs to generate or manage, and users are never privy to decryption keys.

   How to encrypt a PDF with public key cryptography

Public key cryptography is the most popular way to encrypt PDFs without a password.  There are several ways to encrypt a PDF using public key cryptography, including PDF certificates, but the most routine method is PGP encryption.

The full process goes something like this:

1. You and your recipient use an application such as FileAssurity OpenPGP to generate linked private and public key pairs.
2. Your recipient shares their public key with you but keeps their private key secret.
3. You add their public key to your software app, open the PDF, and encrypt it using their public key.
4. The recipient opens the PDF using their private key.  Only they can open it since the private key is linked to the public key that was used to encrypt the document.

You can see how to encrypt a document with PGP for a step-by-step guide, but do keep in mind its limitations.  When you encrypt a PDF with public key technology it is only protected in transit and at rest, not while somebody is using it.  Once a user has decrypted the PDF, the protection is gone, allowing them to share and modify it at will.

  How to encrypt a PDF with DRM

The process to encrypt a PDF without a password with Locklizard is not long or complex.  It’s just as easy as using Adobe Acrobat to encrypt PDF files.

1. Right-click on the PDF and choose “Make secure PDF”.
   
2. Move through the tabs and select the copy protection controls you want to apply.  By default, editing, copying, and printing are disabled.  Screenshot prevention can be found in the environment controls tab.
   
3. Press the Publish button to protect the PDF.
   
4. Select the users you want to give access to your encrypted PDF files using the cloud-based Admin System.  See how to add a new user and grant them document access.
   

With that done, only the users you have authorized in your admin panel will be able to open the document.  They won’t be able to share access with others, including through screenshotting, printing, or copying and pasting once they have the document open.

   PDF DRM: benefits and drawbacks

PDF DRM signifies a major improvement over solutions such as passwords, standard PKI solutions, and PGP encryption.  That is not to say it is perfect, though.  It comes with clear pros and cons.

  Benefits

For this blog, we’ll be focusing on Locklizard DRM, as it addresses the main issues with the other encryption methods mentioned:

• As users never see the encryption key or password, they cannot share them with others to grant access to the PDF.  The keys are stored in an encrypted location and the solution stops keys from functioning once they leave a user’s device.
• There is no password for the attacker to brute force, only the 256-bit AES encryption algorithm, which would take millions of years with current computing technology.
• You don’t have to worry about users forgetting passwords or costly password resets.
• You do not have to worry about users choosing insecure passwords – the key is randomly and automatically generated with no input from the person protecting the document.
• Users do not need to remember or manually store their encryption key or password – everything is handled automatically in the background.
• There is nothing for attackers to phish or social engineer as the end-user never knows the encryption key.
• Editing and printing controls cannot be bypassed as the document is only ever decrypted in memory and processed in a secure Viewer app.
• You can add dynamic watermarks to documents that display the reader’s name to prevent screen photos, photocopies, etc.
• Screenshot prevention stops OCR conversion and other sharing.

  Drawbacks

Unfortunately, no system is perfect:

• You have to purchase, install and set up a separate solution to encrypt your PDF documents.  Locklizard offers reasonable and flexible pricing and setup, but it is not free.
• PDFs can only be opened in a separate secure viewer application, otherwise editing, printing, and screenshotting controls would not be enforceable.

For most businesses, these are a small price to pay to prevent leaks and misuse of their sensitive and confidential documents.

   The best PDF encryption software

Most PDF encryption utilities offer rudimentary security, either relying on insecure passwords, allowing keys to be shared, or doing nothing to protect the document while it is in use.  Through its combination of secret key transfer and storage, secure licensing, and a secure viewer application, Locklizard addresses these major shortcomings.

With Safeguard PDF DRM security, you can prevent unauthorized access and stop copying, editing, printing, saving, screenshots, and sharing.  But the controls go much further than those you will see in basic PDF permissions, allowing you to:

• Expire access to your PDF after a certain date
• Easily add dynamic watermarks that identify the reader
• Manually revoke users’ access or revoke access to a document for everyone, regardless of where the document is stored
• Limit the number and quality of prints
• Lock access to specific devices, locations, and IP addresses
• Track document opens and prints
• Automate protection and license delivery through API integration

This approach gives businesses the flexibility to encrypt their PDF files with the controls that match their use case without compromising on security.

To see why Locklizard is the best way to encrypt a PDF, take a 15-day free trial of our PDF DRM software.

   FAQs

How easy is it to crack password encrypted PDF files?

It is very simple to crack a PDF encrypted with a password – you just have to download an application such as Elcomsoft and press a button.  How long it takes will depend on a number of factors, including the encryption algorithm used (old, 40-bit encryption can be cracked instantly) and the length, complexity, and uniqueness of the password.

How do I encrypt a PDF with a password without Adobe Acrobat?

Several other applications allow you to encrypt a PDF with a password, including Foxit, SmallPDF, Nitro PDF, PDF Candy, etc.  They all use the same methods as Adobe.

How do I encrypt a PDF for free?

Use a PDF editor that allows you to add PDF encryption using passwords for free.  Some examples include SmallPDF, PDF Candy, or the Adobe site.  However, be cautious when you upload PDF files to an external site – you have no way of knowing what they are doing with your original PDF or how secure their servers are.

How do I remove the password from encrypted PDF files?

Use a PDF password-cracking program such as Elcomsoft, Passper, PassFab, etc.  Once they have guessed the password, these applications will deliver an unencrypted PDF file.

How do I send an encrypted PDF without a password online?

If you encrypt a PDF without a password using Locklizard Safeguard, you can distribute the encrypted PDF file however you like, including on a public-facing website, via email, etc.  Only the devices you have authorized will be able to view the PDF file, regardless of where it is hosted or the service it is sent through.

Does Locklizard let me encrypt PDF files on a Mac?

Users can access Locklizard encrypted PDFs across Mac OS, iOS, Android, and Windows.  However, the Safeguard Writer software which encrypts PDF files is only available on Windows.  If you would like to encrypt a PDF on a macOS device, we recommend a VM or VPS.

What encryption algorithm does Locklizard use to encrypt PDF files?

AES 256 bit.

Are Locklizard encrypted PDF files easy to decrypt?

Only authorized users can decrypt Locklizard encrypted PDF files.  To do so, they must download and install the Locklizard secure PDF viewer app and have activated their license.  Alternatively, they must have been given access to the secure web viewer which decrypts PDF files online.

Why does Locklizard not password protect PDF files?

There are many reasons why Locklizard does not use password protection, from both a security point of view and key management.  We cover this in detail in our blog on How to password protect a PDF and why it is not secure.

When encrypting a PDF can you compress it?

Yes, Locklizard enables you to select optimization options when encrypting a PDF which enable you to sanitize and compress PDF files.

Is it easy to remove PDF encryption?

Yes if it has been encrypted with a password and a weak password has been used.  For example, a 7 character mixed letter case password with numbers and symbols can be cracked in 6 minutes or less.