PDF Unlocker

Disabled {{ engineBadge }} {{ encryptionBadge }} Local preflight

Locked PDF:

Drop or browse one PDF. This disabled draft does not upload, decrypt, or save a modified file.

Known password:

Use an open password or owner/permissions password supplied by the document owner.

Password type:

Choose the best description of the password you have.

Authorization confirmation:

Required before any production unlock flow should run.

Permission note:

Example: Owner request SR-4821, HR policy form, or my own archived file.

Target filename:

Leave blank to derive a future output name from the selected PDF.

Browser scan limit:

Raise only on a capable desktop browser. Production decrypt work should run in a bounded worker.

Gate	Status	Evidence	Next action	Copy
{{ row.gate }}	{{ row.status }}	{{ row.evidence }}	{{ row.action }}

Signal	Value	Detail	Copy
{{ row.signal }}	{{ row.value }}	{{ row.detail }}

Step	Action	Status	Handoff	Copy
{{ row.step }}	{{ row.action }}	{{ row.status }}	{{ row.handoff }}

Export to PDF Fullscreen

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

PDF unlocking means removing document encryption or permission restrictions after the document owner has approved the change. It is useful for archived invoices, HR forms, policy packets, and supplier documents that need to move into a system that cannot handle password prompts or restricted copy, print, or form behavior.

A safe unlock request starts before any decrypt command runs. The source should look like a real PDF, the requester should have authority to modify it, and a known open or owner password should be available when the document is encrypted. Without those checks, an unlock attempt can become a password-guessing exercise, a policy bypass, or a rewrite that damages signatures and forms.

PDF password security has two common parts: a password that opens encrypted content, and owner-level permission control for operations such as printing, copying, editing, and annotation. Some PDFs open without a prompt but still carry permission restrictions. That situation still deserves an owner-approved process because the file may contain an encryption dictionary with permission bits that conforming readers choose to enforce.

Unlocking is not the same as redaction, malware review, or document repair. A decrypted copy can still contain hidden attachments, forms, JavaScript actions, document metadata, or a signature appearance that no longer validates after rewriting. The original file should stay available until the eventual output has been opened, compared, and accepted by the document owner or record custodian.

Technical Details:

PDF encryption is described by an encryption dictionary. The dictionary can identify the security handler, algorithm version, security revision, key length, and permission bit field. When a reader opens an encrypted PDF, it uses the supplied password, or sometimes an empty password, to recover the encryption key and decrypt document strings and streams.

The user password, often called the open password, is meant to allow reading with the permissions chosen by the owner. The owner password grants permission to change security settings and is commonly the safest credential for removing restrictions. Permission flags are weaker than a true access barrier because software that can decrypt and read the file may choose whether to honor restrictions such as print, copy, edit, and annotation limits.

A reliable unlock operation has to authenticate the source, rewrite the PDF without the encryption dictionary, reopen the output, and verify that no password prompt remains. It should also check that page count, forms, attachments, metadata, and signatures still match the intended record. The current page stops before that rewrite step and reports the missing decrypt engine as a blocker.

Rule Core:

The readiness decision is rule-based. Structure markers tell whether the source looks like a PDF, password and authorization gates decide whether a request is allowed to continue, and the engine gate states whether an unlocked output can be created.

PDF unlock readiness signals and decision use
Signal	Meaning	Decision use
`%PDF-` header	The selected bytes start with a visible PDF version marker.	A missing header blocks trust in the selected source.
`%%EOF` marker	The sampled tail contains an end marker used by PDF readers as a basic completeness clue.	A missing marker should slow the handoff and trigger a source-file check.
`/Encrypt` dictionary	The sampled structure contains PDF security data.	Continue only with a known open or owner password and an approved decrypt path.
`/V`, `/R`, `/Length`, `/P`	Visible dictionary fields can show algorithm family, security revision, key length, and permission bits.	Use the detail as handoff evidence, not as proof that the file can be unlocked in the browser.
Known password	The page records password presence, length, and selected password type without exporting the password value.	An empty password field blocks encrypted-file processing; password guessing is outside scope.
Authorization confirmation	The requester confirms ownership, administration, or explicit permission and can add a permission note.	If authorization is not confirmed, the unlock gate remains blocked.
Signature, form, attachment, JavaScript, or policy hints	Active content and security-policy markers can change the risk of rewriting the document.	Review these signals before any production decrypt worker creates an output copy.

Current processing boundary

The browser reads one selected PDF and scans a bounded byte sample for structure markers. The default scan limit is 80 MB and the allowed control range is 10 MB to 200 MB. Large files can duplicate memory while being read, so an oversize result should move to a bounded backend or desktop workflow instead of forcing a fragile browser session.

PDF unlock current processing boundaries
Boundary	Current behavior	What remains for production
File handling	The source is read in the browser for local structure checks.	A production unlock path still needs controlled file intake and output handling.
Password handling	The password value stays out of table exports and JSON; only presence, length, and type are reported.	The actual decrypt worker must receive the credential through an approved secret-handling path.
Unlock engine	The engine gate is always Blocked; no PDF is decrypted or written.	A qpdf-compatible or equivalent PDF engine must authenticate, rewrite, and verify the output.
Output verification	The page can plan a target filename and report page hints from the source scan.	The eventual output must reopen without a password prompt and preserve expected pages and document behavior.

Everyday Use & Decision Guide:

Use the page as an unlock readiness review for one PDF at a time. Start with a document you own, administer, or have written permission to modify, then turn on Authorization confirmation and add a short Permission note such as an owner request or internal ticket.

Add the Known password only when the owner has supplied it or the document is yours. Choose Owner or permissions password when you have the credential that controls restrictions, Document open password when it only opens the file, Opens without a password but restricts actions for empty-user-password restriction files, or Known password, type unknown when the source cannot tell you which credential was provided.

Keep Browser scan limit at 80 MB for ordinary preflight. Raise it only when the browser has enough memory and the selected PDF stays within the 200 MB control limit.
Use Target filename as a planning name only. The page cannot create or download an unlocked PDF.
Review Unlock Gate first. Authorization, PDF source, Browser work limit, Encryption marker, and Known password decide whether the handoff is even sensible.
Use File Evidence to check header, end marker, encryption dictionary, page hints, object and stream hints, and active-content signals.
Use Owner-Safe Plan when another reviewer needs the next actions without receiving the password value.

A common misread is treating Unlock Handoff Ready as an unlocked file. It only means the authorization, password, and source checks are ready for a controlled decrypt worker. The Unlock engine row still says Blocked, so no output file has been produced.

If the scan reports No Lock Marker Found, do not assume every permission problem is gone. Open the PDF in the system that complained and confirm whether it still blocks copy, print, form completion, or import. If restrictions remain, get the owner password or an unprotected source from the document owner before escalating.

Step-by-Step Guide:

Follow this flow for an owner-approved unlock request that has not yet reached a production decrypt worker.

Select one file in Locked PDF with Browse PDF or the drop area. The summary should move from Choose a PDF to the selected file name, size, and visible PDF header after scanning.
Enter the Known password and set Password type. If the password field is empty and the file has an encryption marker, Known password remains Blocked.
Turn on Authorization confirmation and add a Permission note. The Authorization row should change from Blocked to Confirmed.
Open Advanced only when the file exceeds the current Browser scan limit or when a future output name needs to be planned in Target filename.
Select Analyze PDF. If the action is unavailable, choose a source file, wait for the scan to finish, or resolve an Oversize browser work-limit state.
Read Unlock Gate. Fix Invalid source, Blocked, or Oversize rows before relying on the handoff.
Review File Evidence and Owner-Safe Plan. If active content, signatures, attachments, or security policy hints appear, keep them in the handoff so the production reviewer can decide whether rewriting is allowed.

A complete run leaves a source evidence summary and a blocked-engine plan. It should not leave an unlocked PDF, and it should not expose the password value in copied evidence.

Interpreting Results:

The most important row is Unlock engine. It always stays Blocked in the current disabled build. Unlock Handoff Ready means the input gates are prepared for a future decrypt worker, not that document security has been removed.

PDF unlock result cues and follow-up actions
Result cue	How to read it	What to do next
Authorization is Blocked	No owner, admin, or explicit permission has been confirmed.	Stop until permission is documented.
PDF source is Invalid	The selected file did not pass the PDF header check.	Replace it with a real PDF source before continuing.
Encryption marker is Encrypted	The sampled structure contains `/Encrypt`.	Continue only with a known password and a PDF-aware decrypt engine.
No encryption marker	The sampled structure did not show `/Encrypt`.	Verify restrictions in a PDF reader or destination system before deciding no unlock is needed.
Active content hints	Forms, JavaScript, signatures, or attachments may affect risk after rewriting.	Review the original and the eventual output before replacing the source record.

Password length in the evidence table is not a strength score and does not prove the credential is safe to store or share. Keep password values out of notes, screenshots, issue text, and exported evidence, then test any future output by opening it without a prompt and comparing expected pages and behavior.

Worked Examples:

Owner-approved HR form

An HR manager sends a 2.6 MB protected form and provides the owner password with a ticket reference. After selecting the file, entering the password, choosing Owner or permissions password, and confirming authorization, Unlock Gate should show Confirmed, Ready, Pass, Encrypted, and Present. Unlock engine remains Blocked, so the right next step is a controlled decrypt worker and a post-rewrite form check.

PDF opens but copy is restricted

A supplier PDF opens without a password prompt but blocks copy and print in a conforming reader. Choose Opens without a password but restricts actions for Password type, but do not treat the empty prompt as owner approval. If Encryption dictionary is Found and the owner password is missing, Known password should stay unresolved until the document owner supplies the right credential or a new source.

Large signed board packet

A 146 MB signed board packet exceeds the default 80 MB Browser scan limit, so Browser work limit reports Oversize. Raising the limit may allow local structure evidence on a capable desktop, but the signature warning still matters. Any future rewrite can invalidate signature evidence, so keep the original signed file and require a reader-based signature check after processing.

Renamed image file

A file named like a PDF fails the header check because the bytes do not start with %PDF-. The summary reads Not a PDF, PDF source becomes Invalid, and the error says the selected file did not pass the PDF header check. Replace the source instead of trying to plan an unlock.

Responsible Use Note:

Use PDF unlocking only for documents you own, administer, or have explicit permission to modify. Do not use an unlock workflow to bypass a publisher, employer, school, signer, or system owner who has not approved the change.

Keep passwords and source documents under the same controls used for the original record. The page avoids exporting password values, but a user can still leak a credential through the visible password toggle, screenshots, copied notes, or a support message. Treat every future decrypted copy as a new sensitive document until it has been reviewed and placed in the correct storage location.

FAQ:

Does this create an unlocked PDF?

No. The current build scans and plans the handoff only. Unlock engine stays Blocked, and no PDF is decrypted, rewritten, uploaded, or saved as an unlocked output.

Does the selected PDF leave my browser?

The selected PDF is read in the browser for the current preflight. The page reports structure markers, password presence, authorization state, and handoff evidence without sending the PDF to a decrypt service.

Can it recover a forgotten password?

No. A known password is required for encrypted files, and the workflow does not guess, crack, bypass, or recover passwords. Ask the document owner for the open or owner password.

Why does a PDF that opens still show an encryption marker?

Some PDFs use an empty open password with owner-level restrictions. They can open without a prompt while still carrying an /Encrypt dictionary and permission bits that conforming readers may enforce.

Why is Analyze PDF unavailable?

Analyze PDF is unavailable while scanning, before a source file is selected, or when the selected file is larger than Browser scan limit. Choose one PDF, wait for the scan, or adjust the limit within 10 MB to 200 MB.

What should I verify after a future decrypt worker runs?

Open the output without a password prompt, compare page count and key pages, check forms and attachments, review signatures, and confirm the destination system accepts the new copy before replacing the source.

Glossary:

Encryption dictionary: PDF security data that describes how encrypted content is opened and which permissions apply.
User password: The open password used to read an encrypted PDF with the permissions chosen by the owner.
Owner password: The credential used to manage PDF security settings and remove or change permission restrictions.
Permission bits: Flags in the encryption dictionary that describe reader behavior such as printing, copying, editing, and annotation.
End marker: The %%EOF marker near the tail of a PDF that helps show where the file should finish.
Decrypt worker: The production component that would authenticate the password, rewrite the PDF, and verify the unlocked output.

References:

Working with Document Security, Adobe Acrobat-PDFL SDK.
PDF Encryption, qpdf 12.3.2 documentation, 2026.
Running qpdf, qpdf 12.3.2 documentation, 2026.