Inside PDF Encryption: User/Owner Handshakes, Permissions, and AES Security Levels

PDF security relies on a dual-password authentication system: the User Password (required to open and read the file) and the Owner Password (required to edit, copy, print, or modify permission settings). When a PDF is encrypted, a standard PDF Security Handler derives an encryption key from these passwords. This derived key is then used to encrypt the document's body objects using symmetric encryption algorithms—historically RC4, and in modern documents, AES-128 or AES-256. What makes PDF encryption unique is that the document structure itself (the catalog and page list) remains visible to the parser, while the actual stream data (page contents, text arrays, and image binaries) are completely scrambled.

To authenticate, the PDF reader performs a cryptographic handshake. The file header contains specific security dictionaries (`/Encrypt`) listing parameters like `/Filter` (usually standard security), `/V` (algorithm version), `/R` (revision level), `/O` (Owner hash), and `/U` (User hash). When you enter a password, the reader hashes and hashes it again using SHA-256 or MD5 (depending on the revision level) and checks if the output matches the `/U` or `/O` hash stored in the file. If it matches, the reader computes the encryption key and decrypts the encrypted streams on-the-fly. The original password is never stored inside the file, only these verification hashes.

Because TellPDF executes all cryptographic operations using qpdf-wasm locally inside your browser, the password validation and stream decryption happen entirely within your local memory. When you provide a password to unlock a PDF, the WASM engine executes the key derivation and outputs an unencrypted copy to your local device. The password and unencrypted document never travel across any network, preserving the file's absolute confidentiality.