Introduction to Encryption

PDF Password Encryption

In PSPDFKit, default PDF password encryption is supported. If you open a PDF document that is password protected, PSPDFKit will show a password prompt to unlock the document.

πŸ’‘ Tip: A PDF document can also be opened with a password preconfigured via openDocument(context, Uri, password).

By selecting the Acrobat 3 and later option when creating an encrypted PDF, a low encryption level (40‑bit RC4) is used, while the other options use a high encryption level (128‑bit RC4 or AES). Acrobat 9.0 and later encrypts the document using the AES encryption algorithm with a 256-bit key size. Android, including version 5.1, does not yet support the Acrobat 9.0+ style encryption.

Owner and User Passwords

A PDF file can have multiple security-related options set. The owner password generally controls the editing of a document and is required as soon as you want to encrypt a document of any kind. The user password prevents users from viewing the PDF. It’s optional but if you specify it, you also need to specify an owner password. Check out our Document Processing guide for more details on how to create a password-protected document using PSPDFKit.

Encryption Algorithms

PSPDFKit supports RC4 and AES encryption algorithms.

RC4 is a proprietary encryption algorithm of RSA Security Inc. It is a symmetric stream cipher β€” i.e. the same algorithm is used for both encryption and decryption, and the algorithm does not change the length of the data.

AES support was introduced with PDF 1.6. It is a symmetric block cipher β€” i.e. the same algorithm is used for both encryption and decryption, and the length of the data when encrypted is rounded up to a multiple of the block size, which, in this implementation, is fixed to always be 16 bytes.

Encryption Algorithm PDF and Acrobat Version
RC4 40-bit PDF 1.1 – 1.3 (Acrobat 2-4)
RC4 128-bit PDF 1.4 – 1.5 (Acrobat 5-6)
AES 128-bit PDF 1.6 – 1.7 = ISO 32000-1 (Acrobat 7-8)

PSPDFKit Supports Fast, In-Memory AES-256 Decryption

PSPDFKit is able to add an additional layer of security with support of state-of-the-art, fast, in-memory AES-256 decryption using the AesDataProvider class. Unlike other solutions, the PDF is never fully decrypted, and this even works with very large (> 500MB) documents. The file also will never be written out unencrypted to disk. For more details, look at our AES Data Provider guide.