What this tool does
PDFGrover encrypts a PDF with AES-256 so that only someone who knows the password can open, copy, print, or edit it. The encrypted file works in any modern PDF viewer (Adobe Acrobat, Apple Preview, Chrome PDF viewer, macOS / iOS PDF preview, Foxit, etc.) — they all prompt for the password on open.
Input limits
- Single file per request
- Up to 100 MB per upload
How the encryption works
Protect PDF encrypts your file on our secure server with AES-256 — the strongest encryption modern PDF readers support, and the same standard Adobe Acrobat and Apple Preview use.
- The open password is the one you choose — anyone opening the PDF must type it.
- A separate owner key that would otherwise allow changing the permissions later is generated randomly per file and immediately discarded, so nobody — including us — can alter the produced file's permissions after the fact.
- Your three permission choices (print / copy / edit) are written into the encrypted file.
The encrypted PDF is streamed back to you and the unencrypted source is deleted as soon as your download is ready.
What the protection actually prevents
Without the password, a recipient cannot open or read the PDF at all — that's the AES-256 layer, and it is cryptographically strong.
With the password, what they can do depends on the boxes you ticked:
- Allow printing (default ON) — untick and most viewers grey out the print button.
- Allow copying text and images (default OFF) — when off, most viewers grey out copy and select-all. Tick to allow copying.
- Allow editing and annotations (default OFF) — when off, most viewers grey out edit / annotate / insert-page. Tick to allow it.
These restrictions are honoured by the viewer (Adobe Acrobat, Apple Preview, Foxit, Chrome's PDF viewer all respect them) — they're the PDF specification's "owner permissions" model: the viewer reads the permission and enables or disables the matching UI.
What the protection can't do
- Can't stop a determined user from removing the encryption if they know the password. Anyone with the password can strip the encryption (e.g. with our Unlock PDF tool) — at which point the permission settings also disappear. This is a fundamental limit of password-based PDF protection: the password is both the access key and the un-restriction key.
- Can't stop screenshots, screen recording, or retyping by hand. No PDF DRM does. If the recipient can read the document, they can reproduce its content with effort.
- Can't revoke access after the fact. Once you share the password, anyone with it has permanent access. For revocable access, use a secure file-sharing service with time-limited links.
- Won't stop a determined attacker with enormous compute from brute-forcing a weak password. Pick a strong one — length matters more than special characters.
If you lose the password
There is no recovery path. Our unlock tool requires that you already know the password; it doesn't crack passwords. AES-256 is cryptographically sound — brute-forcing a strong password is not practical with any commercially available hardware. Store your password somewhere safe (a password manager) before you close the tab.
Privacy and file handling
Your PDF is uploaded over HTTPS, encrypted in a temporary folder, and both the unencrypted source and the random owner key are discarded as soon as your download is ready. Your password exists only in server memory for the duration of that single encryption request — it is not logged, not cached, and not reachable afterward. Close the tab mid-encrypt and the job is cancelled and temporary files cleared automatically. No sign-up, no watermark.