AES Encryption

AES (Advanced Encryption Standard) is the symmetric-key encryption algorithm used by virtually every modern system that needs strong encryption — from HTTPS connections to WiFi passwords to password-protected PDFs. Adopted by the US National Institute of Standards in 2001, it has withstood 25 years of public cryptanalysis without a practical attack being found.

AES-128 vs AES-256

The number refers to the key length in bits:

• AES-128 — 128-bit keys, 10 rounds of transformation. Still considered cryptographically strong for non-classified data.
• AES-256 — 256-bit keys, 14 rounds of transformation. Considered "quantum-resistant" against currently known quantum attacks and required for top-secret US government data.

For PDFs, AES-256 is now the default modern option. AES-128 is still supported for backward compatibility but offers no practical advantage over AES-256.

AES in PDFs

When you password-protect a PDF using AES:

1. Your password is passed through a key-derivation function to produce a 128 or 256-bit key

2. The PDF's content streams are encrypted with that key

3. Without the key (password), the content is cryptographically unreadable — not just hidden, but scrambled in a way that would take all the computing power on Earth longer than the age of the universe to undo

When AES is not enough

AES secures the file at rest. It does not protect you once the file has been opened and you share the decrypted content. It does not prevent screenshots, screen recording, or print-to-PDF re-encoding. A strong password is essential: AES-256 with a weak password ("1234", "password") is trivially broken by brute-force.

Tools

• Protect PDF applies AES-256 encryption with your password
• Unlock PDF removes the encryption from a PDF you can already open