PDF encryption is a formally specified security system built into the PDF format, defined through security handlers that control how documents are encrypted and what operations are permitted. Understanding the encryption architecture explains the difference between password types, why certain restrictions can be bypassed, and how modern encryption standards protect document content.

The PDF specification defines two distinct passwords: the user password and the owner password. The user password (also called the open password) is required to decrypt and open the document. Without it, the PDF reader cannot access any content — the file is effectively locked. The owner password (also called the permissions password) is a separate credential that controls restriction enforcement. When a PDF is opened with the user password, the reader enforces whatever restrictions the owner has set (no printing, no copying, no editing). When opened with the owner password, all restrictions are bypassed and full access is granted. Importantly, both passwords are used to derive encryption keys, but they serve fundamentally different purposes in the security model.

PDF has evolved through several encryption methods. The original PDF encryption used 40-bit RC4, which is now considered cryptographically weak and can be brute-forced in seconds on modern hardware. PDF 1.4 extended this to 128-bit RC4, which provides significantly better security. PDF 1.6 introduced AES (Advanced Encryption Standard) with 128-bit keys, and PDF 2.0 added AES-256, which is the current gold standard and is considered unbreakable with current technology. AES operates in CBC (Cipher Block Chaining) mode for PDF encryption, where each 16-byte block of data is XORed with the previous encrypted block before encryption, preventing pattern analysis.

The encryption process works at the object level. Each string and stream in the PDF (which includes all text content, images, fonts, and metadata) is individually encrypted using a key derived from the document's master encryption key combined with the object's number and generation number. This per-object key derivation means that even identical content in different objects is encrypted differently, preventing an attacker from identifying duplicate content through ciphertext comparison.

Permission flags are stored as a 32-bit integer in the encryption dictionary, where each bit controls a specific permission: printing (bit 3), modifying content (bit 4), extracting text and graphics (bit 5), adding or modifying annotations and form fields (bit 6), filling form fields (bit 9), extracting for accessibility (bit 10), assembling the document (bit 11), and printing at high resolution (bit 12). A value of 1 permits the operation; 0 restricts it. These permissions are enforced by the PDF reader application — they are not cryptographic restrictions on the file data itself. This means that the permission system relies on the PDF reader's cooperation, and some third-party tools may ignore permission flags while still being able to decrypt the content using the user password.

The security handler architecture is extensible. Beyond the standard handler, PDF supports public-key security handlers that use X.509 certificates instead of passwords. In this model, the document is encrypted with a symmetric key, which is then encrypted with each authorized recipient's public key. Only holders of the corresponding private keys can decrypt the document. This is used in enterprise environments where certificate-based access control is preferred over shared passwords.