Skip to main content

PDF Unlock

Remove password protection from a PDF you have the password to. qpdf-based. Files auto-deleted after 15 minutes.

Reviewed by · Last reviewed

How to Unlock a PDF You Have the Password To

  1. Upload the protected PDF by dragging it into the upload zone or clicking to browse. Up to 200 MB.
  2. Type the document password that the owner originally set. This tool removes protection from documents whose password you know; it does not crack unknown credentials.
  3. Click "Unlock PDF". The file is uploaded over HTTPS to our EU servers, decrypted with qpdf --password=YOURPASS --decrypt input.pdf output.pdf, and the unprotected copy is offered as a signed, time-limited download.
  4. Handle the unlocked copy carefully. It is as shareable as any plain document, so store it only where your policy allows.

Remove a Password You Have vs Crack a Password You Do Not

This tool is a decryption tool, not a password recovery tool. Decryption takes a ciphertext and the correct key and produces the original plaintext; this is what happens every time you open a protected PDF in a viewer. Password recovery, by contrast, tries millions of candidates until one works, and that is a category zeroutil deliberately does not support. Recovering a password you do not own can violate the US Computer Fraud and Abuse Act, the UK Computer Misuse Act 1990, or GDPR lawful-basis requirements when the document holds personal data. If you do not know the password, contact the person who created the file.

What "Unlocking" Actually Writes to the File

When you click Unlock, qpdf derives the 128-bit or 256-bit content-encryption key from your password using the salt stored in the /Encrypt dictionary's /O and /U fields, then decrypts every content stream, every font program, and the metadata. The trailer is rewritten to omit the /Encrypt reference, and the XRef table is regenerated so every object points at its new plaintext offset. The output is byte-different from the original, because the PDF has been re-serialized, but every page, image, annotation, and form field is preserved.

Why a Server Tool, Not a Browser Build

The PDF standard security handler is fully specified in ISO 32000, but a JavaScript or WebAssembly implementation that handles every revision (RC4 40-bit through AES-256) is hundreds of kilobytes and slow. Routing the file through our EU server runs the canonical native qpdf binary, finishes in well under a second for typical documents, and handles every PDF revision from 1.3 through 2.0. The trade-off is that your file is briefly visible to our infrastructure; we do not log content, and both the input and the unlocked output are auto-deleted after 15 minutes.

Legitimate Reasons to Unlock a PDF

  • Feeding a contract into an OCR or e-discovery pipeline that cannot accept encrypted input.
  • Merging a chapter supplied by a colleague with the rest of a book you are assembling in a PDF editor.
  • Removing legacy 40-bit RC4 protection from a 2005 archive so a modern reader can display it correctly.
  • Running bulk compression or PDF/A conversion on a folder of documents that are encrypted at rest for transit but need to be openable by automated tooling inside your network.
  • Passing a tax return into an accounting tool whose importer refuses encrypted input.
  • Printing to a shared office printer whose spooler cannot hold a decryption password.

Edge Cases to Know About

Not every locked PDF comes off cleanly. Files carrying a digital signature will open without warnings but report as broken because the bytes changed. Some government and banking PDFs embed an extended permissions dictionary that survives unlocking and still denies printing; those flags can be stripped with qpdf --decrypt locally. Certificate-protected PDFs cannot be unlocked here at all because the recipient key-pair is outside the server. Corrupted or truncated files that parse halfway may produce empty output; repair first with mutool clean -g input.pdf fixed.pdf.

Local Alternatives

The most reliable way to remove a password from a PDF on your machine is qpdf --decrypt --password=YOURPASS input.pdf output.pdf. It ships in Homebrew, Debian, Fedora, and Chocolatey, and handles every PDF revision. Ghostscript can also decrypt with gs -sPDFPassword=YOURPASS -o output.pdf -sDEVICE=pdfwrite input.pdf, though that path re-renders pages and can slightly reflow complex layouts. pdftk works for RC4-protected legacy files but lacks AES-256 support. CLIs are faster on batches and never upload; this page wins for unlocking one document with no install.

Frequently Asked Questions

Can this tool remove a password I do not know?

No. Password recovery and password removal are fundamentally different operations, and zeroutil only performs the latter. Without the correct password, the content streams inside the PDF remain unreadable ciphertext, and no realistic-time effort can derive the key against a competently chosen password. If you do not know the password, ask whoever produced the document.

Where is the decryption performed?

On our EU servers using the canonical native qpdf binary. The file is uploaded over HTTPS, decrypted, and the result is offered as a signed, time-limited download. Both the input and the unlocked output are auto-deleted after 15 minutes. We do not log file content.

Is my password transmitted to the server?

Yes - it travels inside an HTTPS request body to our api so qpdf can use it to derive the content-encryption key. It is held in process memory only for the duration of the qpdf call, never written to disk or to logs, and discarded as soon as the unlocked PDF is produced. If you would rather the password never leave your machine, run qpdf locally instead.

What is the difference between this and a PDF password cracker?

A cracker attempts to brute-force a password you do not have, typically by running a wordlist or a GPU-accelerated exhaustive search. This tool is strictly a decryption wrapper: it takes the password you already know and reproduces the byte sequence that any compliant reader would display. Offering both features on the same page would blur the legal line, so we chose not to.

Does unlocking break the original file?

No. The upload is read-only as far as your filesystem is concerned. The tool produces a new, unprotected file that you download separately, and the original PDF on disk is untouched. If you want to replace the original, do that yourself in your file manager after verifying the unlocked output opens and renders correctly.

Why did my unlocked file lose its digital signature validation?

Digital signatures cryptographically cover a specific byte range of the PDF. Decrypting the content streams and stripping the Encrypt dictionary changes those bytes, so the signature digest no longer matches even though nothing about the visible content moved. This is the expected, correct behavior: the signed original is still provable; the unlocked copy is a derivative you need to re-sign if you want a clean chain.

What about PDFs protected by a digital certificate instead of a password?

Certificate-based protection uses a recipient key-pair and an envelope rather than a password-derived key, and requires the private key from the recipient certificate to open. Servers cannot access those keys, so this tool does not support certificate protection. Use Acrobat Pro or the openssl-backed cert plumbing in your OS keystore for those files.

Does unlocking also remove print and copy restrictions?

Yes. Those restrictions live in the permission bits of the same Encrypt dictionary; once it is gone no flags remain and any reader honors printing, copying, and annotation. This is also a reminder that permission flags were never a real access control to begin with.

Can I unlock a legacy RC4-encrypted PDF from the early 2000s?

Yes. The standard security handler revision 2 and 3 (40-bit and 128-bit RC4) are still part of ISO 32000-1 and supported by qpdf today. Modern security guidance discourages creating new RC4 PDFs, but reading old ones so their content can be re-encrypted at AES-256 or stored in a PDF/A archive is a perfectly legitimate workflow.

Are there cases where unlocking is legally risky?

Yes. In most jurisdictions it is lawful to unlock your own document with your own password. It is not lawful to circumvent technical protection on a document you do not own or have permission to modify; that can trigger computer-misuse statutes, DMCA section 1201 in the US, or Article 6 of the EU InfoSoc Directive. If the document came from an employer, a vendor, or a government portal and you are unsure, get written authorization before unlocking.

How long do you keep the file?

Maximum 15 minutes from upload. The original upload, the unlocked output, and the signed download URL all stop working after that. There is no opt-in retention; the cleanup runs every 5 minutes on a tight cron.

More PDF Tools

Image to PDF

Combine multiple JPG and PNG images into a single PDF document.

Open tool

PDF Compressor

Compress PDFs with Ghostscript image downsampling. Pick a quality preset. Files auto-deleted after 15 minutes.

Open tool

PDF Merge (Server-Side)

Merge up to 20 PDFs into a single document on our EU servers using qpdf. Files auto-deleted after 15 minutes. Handles large or password-cleared inputs the in-browser merger cannot.

Open tool

PDF Merger

Merge multiple PDF files into a single document with drag-and-drop reordering.

Open tool

PDF Page Reorder

Rearrange pages in a PDF document with a visual drag-and-drop interface.

Open tool

PDF Password Protect

Add AES-256 password protection to PDF files via qpdf. Files auto-deleted after 15 minutes.

Open tool