Introduction to PDF Encryption on Android

Encryption is the process in which some data is converted to an unintelligible format so that only authorized parties can access the original data. One of the ways of making the content of a PDF inaccessible to certain people is by setting a password.

Owner and User Passwords

A PDF file can have two kinds of password set. A user password (also known as an open password) prevents users from opening a document if they don’t know the password. When you try to open a document with a user password, PSPDFKit will show a password prompt to unlock the document. (If you want to open a document with a user password programmatically, you can use the openDocument(context, Uri, password) API.)

An owner password (also known as a permissions password) is a password that controls the editing of a document. When an owner password is set, you can configure a set of permissions, i.e. operations that you can or cannot perform on the PDF. For example, you can configure an owner password and the “printing” permission when saving a document to make sure that users who don’t know that owner password can only print the document, but not modify it. If you’re interested in the available set of document permissions and how PSPDFKit honors them, take a look at our Document Permissions guide.

If you want more information about what the user and owner passwords are in PDFs and how you can set them with PSPDFKit, take a look at this blog post: Protecting PDF Documents.

A PDF file can have multiple security-related options set. The owner password generally controls the editing of a document and is required as soon as you want to encrypt a document of any kind. The user password prevents users from viewing the PDF. It’s optional, but if you specify it, you also need to specify an owner password. Check out our related guide for more details on how to create a password-protected document using PSPDFKit.

Encryption Algorithms

When you set any password on a PDF document, PSPDFKit automatically encrypts the document to make it inaccessible to people who don’t know the password. PSPDFKit supports RC4 and AES encryption algorithms.

RC4 is a proprietary encryption algorithm of RSA Security Inc. It’s a symmetric stream cipher — i.e. the same algorithm is used for both encryption and decryption, and the algorithm doesn’t change the length of the data.

AES support was introduced with PDF 1.6. It’s a symmetric block cipher — i.e. the same algorithm is used for both encryption and decryption, and the length of the data when encrypted is rounded up to a multiple of the block size, which, in this implementation, is fixed to always be 16 bytes.

PSPDFKit defaults to encrypting documents with the strongest algorithm available. What this means is the AES encryption algorithm uses a sufficiently long encryption key (a long encryption key makes it impossible to decrypt a document using brute force).

The following table displays the strongest encryption algorithm compatible with different PDF and Adobe Acrobat versions:

PDF and Acrobat Version Strongest Encryption Algorithm
Acrobat 6.0 (PDF 1.5) 128-bit RC4
Acrobat 7.0 (PDF 1.6) 128-bit AES
Acrobat X and newer (PDF 1.7) 256-bit AES

If you’re editing a document with Adobe Acrobat, you can configure how setting a password will encrypt in Adobe Acrobat from File > Properties > Security. Select Password Security from the dropdown box and choose any encryption option from the Compatibility dropdown. By selecting the Acrobat 6 and later option when creating an encrypted PDF, a low encryption level (128‑bit RC4) is used, while the other options use a high encryption level (128‑bit RC4 or AES). Acrobat 7.0 and later encrypts the document using the AES encryption algorithm with a 128-bit key size. Since version 4.8, PSPDFKit for Android has supported encrypting password-protected documents using the Acrobat 7.0+ style encryption.