๐Ÿ”“ Delete PDF Password

Last updated: March 16, 2026

๐Ÿ”“ Delete PDF Password

Unlock a password-protected PDF right here โ€” 100% local, zero uploads.

๐Ÿ“„
Drag & drop your PDF here, or click to browse

Private by design โ€” your PDF never leaves your device.
Supports RC4 (40-bit & 128-bit) and AES-128 encrypted PDFs (PDF 1.1โ€“1.6).

What Does "PDF Password" Actually Mean โ€” and Why Removing It Is Sometimes the Right Call

There are two very different kinds of PDF passwords, and most people encounter them without realising they're not the same thing. The first is an open password (sometimes called a user password) โ€” the kind that blocks you from even opening the file. The second is a permissions password (owner password), which lets you open and read the document but silently prevents actions like printing, copying text, or editing. Both are stored as cryptographic hashes in the PDF's encryption dictionary, and both can, under the right circumstances, be legally and practically removed by the document's owner.

The scenario this tool is built for: you created or received a PDF, you know the password, but the constant re-authentication is becoming a friction point. Maybe it's a scan of your own tax return, a bank statement you've already downloaded, or a work document you need to batch-print from a system that chokes on encrypted files. Entering the password once to get a clean, unrestricted copy is a completely reasonable thing to want.

How PDF Encryption Actually Works Under the Hood

When you password-protect a PDF, the application doesn't simply lock a file with your password as a key. Instead, it runs your password through a multi-step derivation process โ€” originally specified in the PDF standard going back to version 1.1 โ€” to generate a separate file encryption key. That key is what's used to encrypt the actual content: every text stream, image data, and embedded object gets scrambled individually.

Older PDFs (up to version 1.5 or so) typically use RC4 encryption, either with a 40-bit key (very weak, PDF revision 2) or a 128-bit key (revision 3). PDF 1.6 introduced AES-128 in CBC mode (revision 4), which is considerably more robust. PDF 1.7 extended this further to AES-256, though that's a different algorithm path entirely.

The key derivation for standard PDF encryption involves padding your password to exactly 32 bytes using a well-known padding sequence from the spec, then running an MD5 hash over that padded password combined with the owner-password hash, the permissions flags, and the file's unique ID. For revisions 3 and above, this MD5 step repeats 50 times to slow brute-force attacks. The resulting bytes become the file encryption key used for RC4 or AES operations on every individual object.

To verify that you've got the right password, the spec defines two verification algorithms. For RC4, the encryption of a known padding sequence with the derived key should match the stored U (user) value. For AES, it's a similar challenge-response using the file ID. This is exactly what happens when you enter a password here โ€” the tool checks your answer against the stored verification data before touching a single byte of content.

The "Owner Password" Situation โ€” What It Means for Permissions-Only Locks

Here's something that surprises people: a PDF can have an owner password without a user (open) password. In that case, the file opens freely โ€” no password prompt โ€” but certain operations are disabled. The encryption is still real; the file key is derived from an empty user password combined with the owner password hash, and the permissions flags are cryptographically protected.

What this means in practice is that the "permissions" enforced by an owner password are only enforced by PDF reader software that respects them. The spec itself acknowledges this โ€” it describes the permissions as an advisory mechanism, not a security boundary. Even so, many workflows depend on those flags, and stripping them (if you have the right to do so) is a legitimate operation.

Why Client-Side Processing Matters for Sensitive Documents

A document protected by a password is, by definition, sensitive. Uploading it to a third-party server to have the password removed means trusting that server's security posture, their data retention policies, and their staff access controls โ€” none of which you can verify. This is not a hypothetical concern: financial documents, legal agreements, medical records, and HR files routinely end up in password-protected PDFs, and those are exactly the documents you shouldn't be handing to a random web service.

Running the decryption in your browser eliminates that risk entirely. The file stays on your device. The JavaScript engine in your browser handles the cryptographic operations locally, and nothing is transmitted. The unlocked file is generated in memory and offered as a direct download. If you close the tab, it's gone.

What Encryption Versions This Tool Supports

This tool handles the most common PDF encryption formats encountered in documents created between roughly 1998 and 2015: RC4 40-bit (PDF 1.1โ€“1.3), RC4 128-bit (PDF 1.4โ€“1.5), and AES-128 (PDF 1.6). The underlying algorithms โ€” MD5 for key derivation, RC4 for stream decryption, and AES-128 in CBC mode โ€” are all implemented from scratch in pure JavaScript with no external libraries.

PDF 1.7 AES-256 (revision 5 and 6) uses a completely different key derivation scheme based on SHA-256 rather than MD5, and that's outside the scope of this tool. If you have a newer PDF created by Acrobat XI or later with 256-bit AES, you'll need a desktop application like qpdf, Ghostscript, or Adobe Acrobat itself. Most PDFs from banks, government portals, and typical business software still use AES-128 or RC4-128, though, so this covers a wide practical range.

The Legal and Ethical Picture

Removing a PDF password is legal when you own the content or have authorisation from the owner. Creating an unlocked copy of your own bank statement, a contract you signed, or a document you authored is no different from making a photocopy. What you can't legally do is remove password protection from someone else's copyrighted content to bypass distribution controls โ€” the same rule that governs other DRM circumvention in many jurisdictions.

The tool has no way to know whether your use is authorised; that's between you and the law. But the password requirement itself is part of that check โ€” if you know the password, you presumably have legitimate access to the document.

Frequently Asked Questions

What Happens to the Original File?

Nothing. This tool reads the file into browser memory, processes a copy, and offers the decrypted version as a new download. Your original file on disk is completely untouched. The tool never writes back to any file on your device โ€” browser security restrictions make that impossible without explicit save dialogue interaction.

FAQ

What types of PDF passwords can this tool remove?
It handles both open passwords (that block you from viewing the file) and owner/permissions passwords (that restrict printing, copying, or editing). As long as you supply the correct password, the tool will derive the file encryption key, verify it, and produce an unlocked copy. It supports RC4-40, RC4-128, and AES-128 encryption โ€” the formats used in PDFs created before roughly 2013.
Is it safe to use this on a document with sensitive personal information?
Yes โ€” because the file never leaves your device. All decryption happens inside your browser using JavaScript running locally on your machine. There is no server, no upload, and no transmission of any kind. You can even disconnect from the internet before dropping in your file if that makes you more comfortable.
I entered the correct password but it says 'incorrect password' โ€” why?
A few things can cause this. First, double-check capitalisation and any special characters โ€” PDF passwords are case-sensitive. Second, if the PDF uses AES-256 encryption (common in files created by Adobe Acrobat XI or newer with the 256-bit setting), that algorithm is outside what this tool supports; you'll need a desktop tool like qpdf or Ghostscript. Third, some PDFs use certificate-based encryption rather than password-based encryption, which is a completely different mechanism.
Will the unlocked PDF look exactly the same as the original?
The content โ€” text, images, layout, fonts โ€” should be identical. The only structural difference is the removal of the encryption dictionary and the Encrypt entry from the trailer, which are the flags that tell PDF readers to enforce password protection. The file will be fully readable and printable in any PDF viewer.
Is it legal to remove the password from a PDF?
If you created the document, own the rights to the content, or have explicit permission from the document owner, yes. Removing a password from your own bank statement, tax document, or a contract you signed is entirely lawful. Using this to bypass copy protection on commercial content you don't own is a different matter and may breach copyright law depending on your jurisdiction.
My PDF says it has 'no password' but some features are locked โ€” can this fix that?
Yes. A PDF with only an owner/permissions password opens freely but disables printing, copying, or editing. This is still encryption โ€” the permissions flags are protected by the owner password. If the original creator set a permissions password that's separate from the open password, and you know it, you can enter it here. If the permissions password was never shared with you, the tool cannot recover it by guessing โ€” you would need the actual password string.
Disclaimer: This article is for general informational and educational purposes only and does not constitute professional, financial, medical, or legal advice. Results from any tool are estimates based on the inputs provided. Always verify important details and consult a qualified professional before making decisions.