Protect PDF
Add a password to a PDF. Anyone trying to open the file will need to enter it first.
Server-side processing
This tool uses qpdf with AES-256 encryption. Your file and password are processed on our server and deleted immediately after the response. Nothing is stored or logged.
Add AES-256 password protection to a PDF. Server-side qpdf, no logging, no signup. Compatible with all modern PDF viewers.
Password-protect a PDF is the right move whenever you share confidential information by email, cloud link, or USB drive. Encrypted PDFs require the correct password before anyone — sender, recipient, or interceptor — can view the content.
Pick Rack's Protect PDF tool uses [qpdf](https://qpdf.sourceforge.io) with AES-256 encryption, the strongest standard supported by the PDF specification. Output works in Adobe Reader, Foxit, Preview, all browser PDF viewers, and any modern PDF software.
Free, no signup, no watermark, no logging. Files up to 100MB.
Key features
- AES-256 encryption — The strongest PDF encryption standard. Considered cryptographically secure — practically uncrackable without the password.
- Universal compatibility — Works in Adobe Reader, Foxit, Preview, Chrome/Firefox/Safari built-in PDF viewers, and all major mobile PDF apps.
- Same password for view and edit — Simple UX — one password gates both opening and editing. For separate user/owner passwords, use qpdf locally with custom flags.
- Server-side processing — File uploads over HTTPS, gets encrypted, and is deleted from temp storage. Password held only during the brief qpdf call.
- Free, no quota — Use as often as you need. No daily limit, no signup, no premium tier.
How to use
- Step 1: Upload PDF — Drop or click to add a single PDF (up to 100MB). Must NOT already be encrypted (use Unlock PDF first if needed).
- Step 2: Enter and confirm password — Minimum 4 characters. Use a strong password — long, mix of character types, hard to guess.
- Step 3: Click Add password — Server encrypts in 2-5 seconds for most files.
- Step 4: Download protected.pdf — Save the encrypted file. The password you set is required to open it.
When to use
- Email contracts, NDAs, confidential reports with an encryption layer beyond what the email provider offers
- Share tax returns and financial statements with your accountant securely
- Protect personal IDs (passport scans, driver license) before storing in cloud drives
- Lock medical records for patient privacy (HIPAA compliance baseline)
- Secure design files and IP when sending to external collaborators or vendors
- Protect children's school records before emailing to teachers or institutions
Frequently asked questions
How strong is AES-256 encryption for PDF?
AES-256 is the strongest encryption supported by the PDF standard and is considered cryptographically secure. Without the password, brute-forcing AES-256 is computationally infeasible (would take longer than the age of the universe with current technology). The weakness is always in password strength, not the algorithm.
What makes a strong PDF password?
12+ characters, mix of uppercase, lowercase, numbers, symbols. Avoid dictionary words, names, dates, or common patterns. A passphrase like "Correct-Horse-Battery-Staple-1972" is stronger than "P@ssw0rd123" despite looking less complex.
Can I lose access to a protected PDF if I forget the password?
Yes. Without the password, the file is unrecoverable. Always store passwords in a password manager (1Password, Bitwarden, KeePass) and ensure you have at least one backup.
Why not separate user and owner passwords?
PDF supports two password levels: user password (required to view) and owner password (required to modify). This tool sets both to the same password for simplicity. For advanced separation, run qpdf locally: qpdf --encrypt USER OWNER 256 -- input.pdf output.pdf.
Will the protected PDF work on iPhone, iPad, Android?
Yes. All major mobile PDF viewers (Apple Preview/Books, Adobe Acrobat, Foxit Mobile, Google Drive PDF viewer) support AES-256 protected PDFs and will prompt for the password on open.
Can I encrypt an already-encrypted PDF with a new password?
Not with this tool. Unlock first using Unlock PDF (with the existing password), then re-encrypt with this tool using the new password.
Is my password sent to your server?
Yes, over HTTPS for the duration of the encryption operation (a few seconds). The password is held in process memory only and not written to logs or storage. After the operation, it's gone. For extreme paranoia, run qpdf locally and never send the password over any network.