What encryption standard does PurePDF use?
PurePDF uses AES-256 encryption, which stands for Advanced Encryption Standard with a 256-bit key. AES-256 is the gold standard for file encryption and is used by banks, governments, military organizations, and security professionals worldwide. It is currently considered computationally unbreakable — a brute-force attack against a strong AES-256 password would take longer than the age of the universe even with modern hardware. The strength of your protection ultimately depends on choosing a strong, unique password.
What is the difference between the user password and the owner password?
The user password (sometimes called the "open password") is required to open and view the PDF file. Anyone without this password sees only a prompt for credentials and cannot access the document content. The owner password (sometimes called the "permissions password") controls what authenticated users can do with the document — such as printing it, copying text, or making modifications. You can set an owner password without a user password to create a document that anyone can open but that restricts specific operations. Both passwords can be set simultaneously for maximum control.
What permissions can I control when encrypting a PDF?
PurePDF's encryption interface lets you toggle several permission flags: printing (whether the document can be printed and at what quality), copying (whether text and images can be selected and copied to the clipboard), modifying (whether the document structure can be altered), and annotations (whether comments and form fills can be added). These permissions are enforced by compliant PDF readers — note that they are not a security feature per se, since non-compliant tools may ignore them. They are best understood as intent flags for legitimate users rather than as a technical barrier.
What happens if I forget the password after encrypting my PDF?
There is no password recovery mechanism in PurePDF or in the AES-256 encryption standard itself — that is precisely what makes encryption secure. If you lose or forget the password for your encrypted PDF, you will not be able to open or modify the file using standard tools. For this reason, it is critical to store your password in a secure location before downloading the encrypted PDF — for example, in a reputable password manager like Bitwarden, 1Password, or your operating system's built-in keychain. Do not rely on memory alone for important encrypted documents.
Is the encryption done in my browser or uploaded to a server?
The encryption is performed entirely in your browser using pdf-lib, an open-source JavaScript PDF library. Your original PDF file is loaded into local memory, the encryption and permission flags are applied using pdf-lib's AES-256 implementation, and the encrypted output is saved as a new file — all without any network transmission of your document. PurePDF has no cloud backend and no server that stores or processes your files. You can verify this by monitoring your browser's network traffic during the encryption process.
Can I use PurePDF to remove a password from an existing encrypted PDF?
Yes. If you have a password-protected PDF and know the correct password, you can use PurePDF's Encrypt PDF tool to effectively "re-encrypt" it without a password — simply leave the password fields empty and click Encrypt. The output will be an unprotected PDF. Alternatively, many browsers (Chrome, Firefox, Edge) can open a password-protected PDF and then allow you to save it as a new unlocked PDF via the print-to-PDF function. Note that you must know the correct user password to unlock and re-save any encrypted PDF.
Does encrypting a PDF with PurePDF affect the visual quality of the document?
Yes — like other PurePDF tools, the encryption workflow re-renders PDF pages as raster images before applying encryption. This means the encrypted PDF consists of JPEG image pages rather than the original vector content. The visual quality at normal viewing sizes is excellent, but text will not be selectable or searchable in the encrypted output, and zooming in closely may reveal JPEG compression details. If maintaining fully native PDF structure with selectable text in the encrypted output is required, Adobe Acrobat or a similar professional tool is needed.
Is PurePDF suitable for encrypting sensitive documents like contracts and medical records?
PurePDF uses strong AES-256 encryption and processes all files locally without any server transmission, which addresses two of the primary concerns for sensitive document handling. However, there are limitations to consider: the encrypted output contains rasterized page images rather than the original document structure, which may not meet requirements in regulated industries (healthcare, legal, finance) that mandate specific PDF/A or PDF/UA standards. For documents subject to HIPAA, GDPR, or legal admissibility requirements, verify that rasterized AES-256-encrypted PDFs meet your organization's specific compliance standards before relying on PurePDF for regulated workflows.
Can I encrypt a PDF that is already password-protected?
Not directly in PurePDF. The tool requires an unlocked PDF as input — if you upload a currently protected PDF, the rendering pipeline cannot process its pages. To change the password on an already-encrypted PDF, first remove the existing protection (you'll need the current password to do so), then re-encrypt with the new password using PurePDF. This two-step process gives you full control over the password lifecycle of your documents.
How strong should my PDF password be?
The strength of AES-256 encryption is theoretically unbreakable, but the practical security of your encrypted PDF depends entirely on the password you choose. A weak password — like a common word, a name, or a short number — can be cracked quickly with dictionary attacks and GPU-accelerated password-guessing tools. Use a password of at least 12 characters combining uppercase letters, lowercase letters, numbers, and symbols. A passphrase made of four or more random words (for example "lamp-river-cloud-seven") is both strong and easier to remember. Consider using a password manager to generate and store a truly random password for maximum protection.