induwara.lk
induwara.lkDocuments · Privacy-first

Remove PDF Password

Strip the /Encrypt dictionary from a PDF you own — entirely in your browser, no signup, no upload. Detects RC4 and AES variants, decodes which user-access restrictions are set, and rebuilds the file with no security handler. For PDFs that require a password to open, the FAQ below documents the honest Print-to-PDF workflow.

By Induwara AshinsanaUpdated May 11, 2026
PDF Password RemoverIn-browser · no upload
Files stay on your device
Use only on PDFs you own — your own scans, books you bought, your own reports. This tool does not crack or brute-force passwords; it only removes restrictions from files that open without a password prompt. If you do not have the legal right to remove protections from a PDF, do not.

Everything happens in your browser. The PDF is never uploaded.

Waiting for a PDF

Drop a PDF above to inspect its encryption settings.

Built against the ISO 32000-2 PDF 2.0 specification, using pdf-lib for the page-tree rebuild. Encryption-dict detection and permission decoding verified 2026-05-11 — full source list in the "Sources & references" section below.

How it works

PDF protection lives in a single dictionary referenced from the trailer of the file: the /Encrypt entry (ISO 32000-2 §7.6.4). The dictionary names a security handler — almost always /Filter /Standard for password-protected PDFs — and records four fields the spec lists in Table 21: /V (algorithm version), /R (revision), /Length (key length in bits), and /P (a signed 32-bit bitmask of user-access permissions).

The tool runs in five deterministic steps, all in your browser:

  1. Validate the file. Confirms the PDF type, a non-zero size, and a per-file cap of 100.0 MB. The first 1 KB is scanned for the literal %PDF-n.m header (§7.5.2), and the last 2 KB for the %%EOF terminator (§7.5.5). Files missing either are rejected with an explanation rather than a silent failure.
  2. Find the /Encrypt dictionary. A two-pass byte-stream scan: pass one locates /Filter /Standard anywhere in the file; pass two independently confirms the trailer references /Encrypt N N R. The cross-check guards against partial detection on PDFs that store the dict in unusual locations.
  3. Decode the permissions bitmask. The 32-bit /P value is treated as unsigned, then bits 3, 4, 5, 6, 9, 10, 11, and 12 are isolated against named masks (4, 8, 16, 32, 256, 512, 1024, 2048). A 1 means the action is permitted; a 0 means denied. The breakdown panel above shows each bit's interpretation for the file you uploaded.
  4. Classify the encryption variant. /V /R pairs map to RC4-40 (V=1/R=2), RC4-128 (V=2/R=3), AES-128 (V=4/R=3 or R=4), and AES-256 (V=5/R=5 or R=6). The first three are the variants pdf-lib's ignoreEncryption: true workflow handles cleanly for owner-restricted PDFs.
  5. Rebuild without /Encrypt. On Remove Password, pdf-lib loads the document with encryption-check disabled, creates a fresh PDFDocument, copies every page from the source into it, then save() writes a brand-new file. The new file has no /Encrypt entry, a fresh xref table, and no /P bitmask — every restriction the original carried is gone.

The honest limit: pdf-lib does not contain RC4 or AES decryption code. For owner-restricted PDFs (the common case — printing or copying blocked, but no password to open) the content streams stay readable when the encryption dictionary is removed. For PDFs that need a user password to open, the content streams are real ciphertext that pdf-lib cannot decrypt, and the rebuilt file will appear blank. The FAQ below documents the Print-to-PDF workflow for that case.

Worked examples

Academic textbook with full restrictions

A 320-page coursework PDF from a publisher. Opens in any reader without a password prompt, but copy/print/modify are blocked.

  1. /Encrypt: /V 2 /R 3 /Length 128 /P -3,392
  2. Algorithm: RC4 128-bit (V=2, R=3) · /P as unsigned 32-bit: 0xFFFFF2C0
  3. Decoded restrictions: 7 of 8 permissions denied (e.g. print)
  4. RC4-128. decodePermissions reports 7 of 8 permissions denied — only accessibility extraction stays allowed. The Remove Password action strips the /Encrypt dictionary; the resulting PDF reads identically but every restriction is gone.

Quarterly report with edit-block only

A 12-page PDF distributed to staff. Print and copy stay allowed; modification and annotations are blocked.

  1. /Encrypt: /V 2 /R 3 /Length 128 /P -44
  2. Algorithm: RC4 128-bit (V=2, R=3) · /P as unsigned 32-bit: 0xFFFFFFD4
  3. Decoded restrictions: 2 of 8 permissions denied (e.g. modify contents)
  4. RC4-128 with P=-44. decodePermissions reports 2 restrictions (modify, annotations). After unlock the file opens with print, copy, form-fill, accessibility, assemble, and high-quality print all available.

Modern AES-256 PDF with no password

A PDF 2.0 file produced by a recent Acrobat. /V 5 /R 6 with permissions intentionally left as -4 (everything allowed).

  1. /Encrypt: /V 5 /R 6 /Length 256 /P -4
  2. Algorithm: AES-256 (V=5, R=6) · /P as unsigned 32-bit: 0xFFFFFFFC
  3. Decoded restrictions: 0 of 8 permissions denied
  4. AES-256 marked as such. The encrypt dict is present but every permission bit is 1. Removal succeeds and the result is byte-identical in behaviour to the input.

Frequently asked questions

Sources & references

Related tools

Rate this tool
Be the first to rate

Comments & feedback

Spotted a bug or want an improvement? Tell us — our team reviews every comment, and good ideas get built. Comments are public and anonymous.

Found a bug, edge case, or want to suggest an improvement?

Email me at [email protected] — most fixes ship within 24 hours.