keptlocal
Files never leave your browser

Protect PDF

Password-protect a PDF without uploading — no signup, no account, no watermark. Set a user password and download the encrypted file instantly.

Drop a PDF here, or

PDF files only · Files never leave your browser.

Drop a PDF to get started.

How to add a password to a PDF

  1. Drop your PDF onto the drop zone, or click "choose a file from your device" to open the file picker. Only PDF files are accepted.
  2. Enter a password in the Password field. Choose something you will remember or store in a password manager — there is no way to recover or remove the password without knowing it.
  3. Confirm the password in the second field. The Protect PDF button activates only when both passwords match and a file is loaded.
  4. Click Protect PDF. The encrypted file downloads automatically with "-protected" appended to the original filename.

The entire operation runs in your browser using pdf-lib. Your PDF is never uploaded to a server — open DevTools → Network while protecting to confirm zero outbound requests.

When to password-protect a PDF

  • Emailing sensitive documents: A PDF containing personal information, financial data, or contract terms sent by email can be intercepted or forwarded. Password-protecting the document means the recipient needs the password to open it — send the password through a separate channel (phone, SMS, a different email account) for reasonable security.
  • Sharing documents in cloud storage: Even with a view-only sharing link, a determined recipient can often download the file. Adding a password to the PDF itself provides a second layer of protection that persists even if the link is forwarded or the storage account is compromised.
  • Distributing confidential reports: Businesses routinely send quarterly reports, board documents, and due diligence packages to multiple parties. A password ensures only the intended recipients can read the content.
  • Protecting personal records: Tax returns, medical records, ID scans, and similar documents are high-value targets for identity theft. Encrypting them before storing in cloud backup or emailing to an accountant reduces the risk if those systems are later breached.
  • Restricting printing or copying: The tool sets permissions that prevent text copying and printing by default (while allowing form filling). This is useful for distributing documents where the content should be readable but not easily reused.

How PDF password encryption works

PDF encryption uses a combination of a password and an encryption algorithm to scramble the document's content. Without the correct password, a PDF viewer sees only encrypted data it cannot render. This tool uses AES-128-bit encryption, which is the standard encryption mode for PDF 1.6 and later documents and is supported by every modern PDF viewer.

The PDF specification defines two passwords: the user password (also called the open password) and the owner password. The user password is required to open and read the document. The owner password unlocks the document's permission restrictions — things like printing, text extraction, and editing. This tool sets both: your chosen password as the user password, and a derived string as the owner password. In practice, this means anyone who knows your password can open and read the document, but cannot override the permissions restrictions without the owner password.

AES-128-bit encryption is considered secure against brute-force attacks when a strong password is used. The password itself is the weak link — a short or common password can be guessed quickly by purpose-built PDF cracking tools. Use a password of at least 12 characters, ideally generated randomly using the Password Generator tool.

Limits and what to expect

Already encrypted PDFs: If a PDF is already password-protected, the tool attempts to load it with encryption ignored. This works for documents where only owner-level restrictions are set. If a user password is required to open the file, you need to unlock it first using the Unlock PDF tool.

File size: There is no enforced file size limit. The practical ceiling is your device's available RAM — a 200 MB PDF on a device with 4 GB of RAM should process without issue.

Compatibility: The encrypted PDF will open in Adobe Acrobat, Adobe Reader, Preview (macOS), Chrome's built-in PDF viewer, Edge, Firefox, and all major mobile PDF apps (iOS Files, Android PDF viewers). If a viewer shows "Encrypted" and prompts for a password, enter your chosen password to open it.

What this does not protect against: Screenshot and screen recording. A user who can open the PDF can always capture what is on screen. If your threat model includes preventing any reproduction of content, physical access controls or DRM systems (which PDF encryption does not provide) are required.

Privacy: what happens to your PDF

Your PDF file is processed entirely within your browser using the pdf-lib JavaScript library. It is loaded into browser memory, encrypted in memory, and the encrypted copy is written to your device via the browser's download API. The original and encrypted files never leave your device.

Your password is also never transmitted. It is used only as input to the encryption algorithm running in your browser's JavaScript engine, then discarded when the page is closed.

This is a structural privacy guarantee — not a policy promise. Server-based PDF tools must necessarily receive your file to process it. keptlocal's client-side architecture makes sending your file technically impossible.

Frequently asked questions

Are my files uploaded to a server?
No. PDF encryption runs entirely in your browser using pdf-lib. Your document never leaves your device — open DevTools → Network while processing to confirm zero upload requests.
What does the user password do?
The user password (also called the open password) is required to open the PDF in any viewer. Anyone who does not know the password will see a prompt and cannot access the content.
What encryption is used?
AES-128-bit encryption, which is the standard used by most PDF tools and supported by all modern PDF viewers including Adobe Reader, Preview, Chrome, and Edge.
Can I remove the password later?
Yes — use the Unlock PDF tool on keptlocal. Enter the password and download an unlocked copy.
Will the PDF work on all devices?
Yes. Password-protected PDFs created with AES-128 open on any device with a PDF viewer — Windows, macOS, iOS, Android.
Is there a file size limit?
No hard limit. The practical ceiling is your device's available RAM.