Security

Protect PDF — Add AES-256 Password & Permissions

Set an open-password and printing / copying / editing restrictions — entirely in the browser with AES-256 encryption.

Sponsored
Ad Space — Responsive 970×90

Drop a PDF to password-protect

… or click below. Adds an AES-256 open password + permission restrictions.

Password-protect a PDF online with AES-256 — free, private, no upload

If you need to send a tax return, a contract, a medical scan, a passport copy, a board minute, or any document with information that should not be casually visible, encrypting the PDF with a password is the right move. It takes ten seconds with GN PDF, costs nothing, and — unlike every "free" alternative — runs entirely in your browser. No file leaves your device. No password gets typed into a remote form. No "we just need your email first" friction.

How to add a password to a PDF

  1. Drop your PDF onto this page, or click Choose PDF.
  2. Type a strong open password — the password recipients will need to view the file. Confirm it in the second field.
  3. Pick encryption strength. AES-256 is the modern standard and what we recommend. AES-128 is offered for compatibility with very old PDF readers.
  4. Optionally set permissions: allow / disallow printing, text copying, editing and annotation. These are enforced by every compliant PDF reader.
  5. Optionally set a separate owner password if you want to lock the permission settings independently.
  6. Click Protect & Download. Save the encrypted file. Share it. Tell the recipient the password through a different channel (call, SMS, in person — never the same email as the file).

What you can protect

  • Open password: required to view the document at all. The strongest form of protection.
  • Print restriction: recipients can read on-screen but cannot send to a printer or "Save as PDF" to circumvent.
  • Copy restriction: blocks text selection, copy, and clipboard operations.
  • Modify restriction: stops editors from changing text, removing pages, or rearranging content.
  • Annotation restriction: prevents the addition of comments, highlights, or signatures.

Practical password tips

The encryption algorithm is irrelevant if the password is "password123". A few rules:

  • Length beats complexity — 16 random characters is stronger than 8 with !@#.
  • Use a passphrase: four random words joined together is memorable and very strong.
  • Never send the password in the same email as the file. Use SMS, a phone call, or a separate secure-share link.
  • Use a different password per recipient if the file is sensitive enough.

What we do NOT do

We don't keep a copy. We don't escrow the password. We don't have a "forgot password" link — because there isn't one. If you lose the password, the file is gone for practical purposes. That is the design of strong encryption. Treat the password the same way you'd treat the key to a safe.

Sponsored
Ad Space — In-Article

When to use Protect PDF instead of (or in addition to) other tools

  • vs. Watermark: Watermarking deters casual misuse and identifies a copy. Encryption stops people from opening it at all. Sensitive files usually need both — watermark with the recipient name, then encrypt.
  • vs. Redact: Redaction permanently removes the sensitive content from inside the file (use our Redact PDF tool). Encryption hides the whole file. Use redaction when only a few fields are sensitive; use encryption when the whole document is.
  • vs. Server-side encryption services: Server-side tools are convenient but ask you to trust a stranger with your private file. GN PDF moves the entire encryption step to your browser, which is the only architecture that genuinely respects your privacy.

About this tool

Protect PDF uses the standard PDF 2.0 AES-256 encryption handler (revision 6) implemented in JavaScript and the browser's Web Crypto API. The PDF specification, the algorithm, and the password derivation function (PBKDF2-style) are well-documented public standards. The resulting file is fully compatible with Adobe Acrobat, Apple Preview, Foxit Reader, Sumatra, the built-in viewers in Chrome / Edge / Firefox, and every other compliant PDF software.

Frequently asked questions

Is the encryption real AES-256?
Yes. We use a pdf-lib build that implements the standard PDF AES-256 (revision 6) encryption handler — the same algorithm Adobe Acrobat uses. The password is processed in your browser, and the resulting file opens in Adobe Reader, Apple Preview, Foxit, Chrome, Edge, and every other compliant PDF viewer.
What is the difference between open password and owner password?
The open password is required to view the file at all. The owner password only locks the permissions — anyone can open the document with the open password, but only someone with the owner password can change printing / copying / editing rights. If you leave the owner password blank, we use the open password for both.
Can the password be recovered if I forget it?
No. That is the entire point of encryption. There is no backdoor. Save the password somewhere safe — a password manager is ideal — before sharing the file.
Does the password go to your server?
Never. The entire encryption step runs locally in your browser. We don't see the password, the file, or even the file name.
Will this work on already-encrypted PDFs?
You will need to unlock the existing protection first using our Unlock PDF tool (with the current password), then re-protect it here with the new password.