PDF encryption makes use of RC4 and AES algorithms with different key length. pypdf supports all of them until PDF-2.0, which is the latest PDF standard.

pypdf use an extra dependency to do encryption or decryption for AES algorithms. We recommend pyca/cryptography. Alternatively, you can use pycryptodome.

Note

Please see the note in the installation guide for installing the extra dependencies if interacting with PDFs that use AES.

Encrypt

You can encrypt a PDF by using a password:

from pypdf import PdfReader, PdfWriter

reader = PdfReader("example.pdf")
writer = PdfWriter(clone_from=reader)

# Add a password to the new PDF
writer.encrypt("my-secret-password", algorithm="AES-256")

# Save the new PDF to a file
writer.write("out-encrypt.pdf")

The algorithm can be one of RC4-40, RC4-128, AES-128, AES-256-R5, AES-256. We recommend using AES-256-R5.

Warning

pypdf uses RC4 by default for compatibility if you omit the “algorithm” parameter. Since RC4 is insecure, you should use AES algorithms.

Decrypt

You can decrypt a PDF using the appropriate password:

from pypdf import PdfReader, PdfWriter

reader = PdfReader("encrypted-file.pdf")

if reader.is_encrypted:
    reader.decrypt("test")  # secret password

writer = PdfWriter(clone_from=reader)

# Save the new PDF to a file
writer.write("out-decrypt.pdf")