Encryption protects the contents of the PDF document and lets you restrict certain Adobe Actobat display functions. The Adobe Acrobat password features let users access protected documents and restricted functions.

A PDF document can have these levels of password protection:

  • A document open password (also known as a user password) controls read access to the PDF document.

  • A permissions password (also known as an owner or master password) controls the use of restricted functions. See Parameters for information about using the –a and –e parameters to restrict display functions.

    Note: Only Adobe software fully supports and respects these settings. Users of third-party PDF-enabled programs might be able to bypass some of these restrictions.

Both types of passwords can be set for a document. If the PDF document has both types of passwords, it can be opened with either password.

AFP2PDF Plus supports the following encryption algorithms:

  • RC4 40-bit
  • RC4-128-bit
  • AES 128-bit
  • AES 256-bit (Default)

RC4 (originally developed by RSA Security) is a symmetric stream cipher: the same algorithm is used for both encryption and decryption, and the algorithm does not change the length of the data. 40-bit and 128-bit refer to the length of the encryption key. 40-bit keys in general are susceptible to brute force attacks, which try all possible passwords. The design of the RC4 encryption algorithm does have some vulnerabilities, which tend to make it less secure than AES; but both RC4 40-bit and 128-bit are still used extensively around the world.

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST). The algorithm described by AES is also a symmetric stream cipher. These ciphers each have a block size of 128 bits, but two different key lengths: 128 bit and 256 bit, hence the terms: AES 128-bit and AES 256-bit. AES is considered more secure because of weaknesses in RC4 keys.