How to encrypt a PDF with & without a password
How to encrypt PDF files to prevent unauthorized access, sharing, copying, editing
How to encrypt PDF files with & without passwords to prevent unauthorized access, copying, sharing, editing. Why PDF encryption with passwords is useless.
Document encryption categories can typically be divided into two categories: those that use passwords, and those that use more secure encryption keys. Here we show you how to encrypt a PDF with a password and how to encrypt a PDF without a password, as well as the advantages and disadvantages of each protection method.
PDF password encryption: benefits and drawbacks
What does it mean to encrypt a PDF with a password?
In Adobe Acrobat password encryption, a user can enter a combination of numbers, letters, and symbols to protect a randomly generated encryption key that is used to encrypt the contents of their document. This is achievable with a range of modern encryption algorithms, including 265-bit AES, 128-bit AES, and RSA.
Once the PDF has been scrambled by the encryption algorithm, only the entry of the correct password can decrypt the contents and enable access.
Benefits
Passwords have been around for thousands of years, and using them to encrypt PDF files has several benefits:
- Passwords are easy to explain to users. Most employees are already trained on what makes a secure password.
- If strong encryption is used, only people who know the password can open the document.
- It doesn’t require additional software – you can password-protect a PDF from many PDF reader applications.
- Users can store their passwords in a password manager as an encrypted file. In this case, the authentication method cannot be extracted from a server or computer (i.e from a plain text file).
Drawbacks
Unfortunately, the drawbacks of password-protected PDFs outweigh the benefits for most businesses:
- Passwords are easy to share. You can’t stop authorized users from sharing them with unauthorized ones. This grants them access to encrypted documents.
- If a user knows the open password for a PDF then they can remove it.
- Hackers have been devising ways to crack passwords for decades. Password brute force can rapidly try thousands of combinations from dictionaries of common terms and phrases.
- Only very long and complex passwords are resistant to brute force or dictionary attacks. And to avoid putting all of your eggs in one basket, different documents need different passwords. Practically, it becomes impossible to remember passwords at scale and so ultimately a password infrastructure must be in place if you want to maintain security.
- You will need a tech support infrastructure too since users will regularly forget the passwords to their documents.
- Password resets cost businesses approx. $70 each so valuable time and money is lost.
- Passwords are easier to phish or social engineer than other authentication methods.
- You won’t know if a password has been compromized and can’t change it even if you do.
- Acrobat PDF password encryption is not secure as there are no integrity checks/control. Researchers have been able to reliably extract information from an encrypted PDF using direct exfiltration and malleability attacks.
- Editing and printing protections are not protected by encryption and are therefore easily bypassed.
How to encrypt a PDF with a password
There are several instances where PDF password encryption may provide “good enough” protection for your use case. For example, when you are just looking to protect some personal files on your computer or in a cloud service when they are not in use. Below we’ll show you how to encrypt a PDF with a password with one of the most popular PDF editors, Adobe Acrobat Pro DC:
- Open your PDF in Adobe Acrobat and press the ‘Protect’ button on the right-hand side (the shield icon).
- Press ‘Advanced Options > Encrypt with Password’ in the top bar.
- In the PDF password security dialogue, enter a PDF open password to use as the encryption key. Optionally, add a permissions password to control editing and printing – but be aware that this can be easily removed once the document has been opened.
- In the ‘Options’ section, click the dropdown next to ‘Compatibility’ and choose Adobe Acrobat X or later for the best security. Adobe Acrobat 7’s 128-bit encryption is also acceptable, since that uses the AES algorithm rather than RC4. RC4 is an old stream cipher which is considered broken and should not be used.
- Once you have made your selections, click ‘OK’. You will once again be asked to confirm your password before the changes are permanently saved.
PDF encryption without passwords: benefits and drawbacks
Though passwords are a common way to implement PDF encryption, they are certainly not the only one. Rather than allowing a password to open a document, organizations can utilize public key cryptography, which utilizes pairs of public and private keys. Examples of these are:
Public Key Infrastructure or Certificate encryption
A system of technologies, processes, policies, and certificates. Though more secure, than password protection, it is also more complex, and users are provided with PKI credentials, which they can still give to others and are often mismanaged. PKI solutions include the PDF certificate encryption offered in Adobe Reader and PGP encryption. Our blog on PDF passwords vs certificates for encryption covers certificate encryption in more detail.
PDF DRM with transparent key management
Uses PKI technology to identify users, but never issues these credentials to users directly. It instead stores keys in an encrypted wallet that cannot be transferred to others (locked to the device). Locklizard use a secure and transparenent key management system – there are no public/private key pairs to generate and users are never privy to decryption keys.
Benefits
For this blog, we’ll be focusing on Locklizard DRM, as it addresses the main issues with the other encryption methods mentioned:
- As users never see the encryption key or password, they cannot share them with others to grant access to the PDF. The keys are stored in an encrypted location and the solution stops keys from functioning once they leave a user’s device.
- There is no password for the attacker to brute force, only the 256-bit AES encryption algorithm, which would take millions of years with current computing technology.
- You don’t have to worry about users forgetting passwords or costly password resets.
- You do not have to worry about users choosing insecure passwords – the key is randomly and automatically generated with no input from the person protecting the document.
- Users do not need to remember or manually store their encryption key or password – everything is handled automatically in the background.
- There is nothing for attackers to phish or social engineer as the end-user never knows the encryption key.
- Editing and printing controls cannot be bypassed as the document is only ever decrypted in memory.
- You can add dynamic watermarks to documents that display the reader’s name to prevent screen photos, photocopies, etc.
- Screenshot prevention stops OCR conversion and other sharing.
Drawbacks
Unfortunately, no system is perfect:
- You have to purchase, install and set up a separate solution to encrypt your PDF documents. Locklizard offers reasonable and flexible pricing and setup, but it is not eliminated.
- PDFs can only be opened in a separate secure viewer application, otherwise editing, printing, and screenshotting controls would not be enforceable.
For most businesses, these are a small price to pay to prevent leaks and misuse of their sensitive and confidential documents.
How to encrypt a PDF without a password
The process to encrypt a PDF without a password with Locklizard is not long or complex. It’s just as easy as using Adobe Acrobat to encrypt PDF files.
- Right-click on the PDF and choose “Make secure PDF”.
- Move through the tabs and select the copy protection controls you want to apply. By default, editing, copying, and printing are disabled. Screenshot prevention can be found in the environment controls tab.
- Press the Publish button to protect the PDF.
- Select the users you want to give access to your encrypted PDF files using the cloud-based Admin System. See how to add a new user and grant them document access.
With that done, only the users you have authorized in your admin panel will be able to open the document. They won’t be able to share access with others, including through screenshotting, printing, or copying and pasting once they have the document open.
The best PDF encryption software
Most PDF encryption utilities offer rudimentary security, either relying on insecure passwords, allowing keys to be shared, or doing nothing to protect the document while it is in use. Through its combination of secret key transfer and storage, secure licensing, and a secure viewer application, Locklizard addresses these major shortcomings.
With Safeguard PDF DRM security, you can prevent unauthorized access and stop copying, editing, printing, saving, screenshots, and sharing. But the controls go much further than those you will see in basic PDF permissions, allowing you to:
- Expire access to your PDF after a certain date
- Easily add dynamic watermarks that identify the reader
- Manually revoke users’ access or revoke access to a document for everyone, regardless of where the document is stored
- Limit the number and quality of prints
- Lock access to specific devices, locations, and IP addresses
- Track document opens and prints
- Automate protection and license delivery through API integration
This approach gives businesses the flexibility to encrypt their PDF files with the controls that match their use case without compromising on security.
To see why Locklizard is the best way to encrypt a PDF, take a 15-day free trial of our PDF DRM software.
FAQs
How easy is it to crack password encrypted PDF files?
It is very simple to crack a PDF encrypted with a password – you just have to download an application such as Elcomsoft and press a button. How long it takes will depend on a number of factors, including the encryption algorithm used (old, 40-bit encryption can be cracked instantly) and the length, complexity, and uniqueness of the password.
How do I encrypt a PDF with a password without Adobe Acrobat?
Several other applications allow you to encrypt a PDF with a password, including Foxit, SmallPDF, Nitro PDF, PDF Candy, etc. They all use the same methods as Adobe.
How do I encrypt a PDF for free?
Use a PDF editor that allows you to add PDF encryption using passwords for free. Some examples include SmallPDF, PDF Candy, or the Adobe site. However, be cautious when you upload PDF files to an external site – you have no way of knowing what they are doing with your original PDF or how secure their servers are.
How do I remove the password from encrypted PDF files?
Use a PDF password-cracking program such as Elcomsoft, Passper, PassFab, etc. Once they have guessed the password, these applications will deliver an unencrypted PDF file.
How do I send an encrypted PDF without a password online?
If you encrypt a PDF without a password using Locklizard Safeguard, you can distribute the encrypted PDF file however you like, including on a public-facing website, via email, etc. Only the devices you have authorized will be able to view the PDF file, regardless of where it is hosted or the service it is sent through.
Does Locklizard let me encrypt PDF files on a Mac?
Users can access Locklizard encrypted PDFs across Mac OS, iOS, Android, and Windows. However, the Safeguard Writer software which encrypts PDF files is only available on Windows. If you would like to encrypt a PDF on a macOS device, we recommend a VM or VPS.
What encryption algorithm does Locklizard use to encrypt PDF files?
AES 256 bit.
Are Locklizard encrypted PDF files easy to decrypt?
Only authorized users can decrypt Locklizard encrypted PDF files. To do so, they must download and install the Locklizard secure PDF viewer app and have activated their license. Alternatively, they must have been given access to the secure web viewer which decrypts PDF files online.
Why does Locklizard not password protect PDF files?
There are many reasons why Locklizard does not use password protection, from both a security point of view and key management. We cover this in detail in our blog on How to password protect a PDF and why it is not secure.
When encrypting a PDF can you compress it?
Yes, Locklizard enables you to select optimization options when encrypting a PDF which enable you to sanitize and compress PDF files.