PDF Security Inspector

How to use

1. 1Drop a .pdf file onto the upload area or click Choose file. Up to 500 MB is supported.
2. 2If the PDF is not encrypted, the tool reports that no /Encrypt entry exists and the document has no restrictions.
3. 3If the PDF is encrypted, read the Encryption card for the algorithm, key length, and a Strong / Weak / Obsolete strength badge.
4. 4Review the Security handler card for the /Filter, /V, /R, /Length, /CF, and metadata flag values, plus whether user and owner password hashes are present.
5. 5Scan the Permissions grid to see which of the eight ISO 32000-1 actions (print, modify, copy, annotate, fill, accessibility, assemble, high-resolution print) are allowed or denied.
6. 6Use Copy summary to grab the full report as plain text, or Clear to load a different PDF.

About this tool

PDF Security Inspector decodes the encryption handler of any PDF in your browser, without uploading the file. It locates the trailer's /Encrypt indirect reference, follows it to the standard security handler dictionary, and reads every entry the PDF specification defines: /Filter (Standard for password-based PDFs, Adobe.PPKLite for public-key handlers), /V algorithm version (1 for RC4 40-bit, 2 for RC4 up to 128-bit, 4 for AES-128 or RC4-128 via named crypt filters, 5 for AES-256), /R handler revision (2 through 6, which controls the password derivation rules), /Length key length in bits, /EncryptMetadata flag, the crypt filter map /CF with /StmF, /StrF, and /EFF filter names, and the /U and /O hashed password entries. The 32-bit /P permissions value is converted to its unsigned form and split into the eight meaningful bits per ISO 32000-1 Table 22, with one card per permission: print at low resolution (bit 3), modify the document (bit 4), copy or extract text and graphics (bit 5), add or edit annotations and form fields (bit 6), fill in form fields (bit 9), extract for accessibility (bit 10, always granted for PDF 2.0 / R=6 because the spec deprecates the bit), assemble pages and bookmarks (bit 11), and print at high resolution (bit 12). Each card shows whether the action is allowed or denied, a short explanation of what that bit governs, and the raw bit number, so the result is immediately useful for legal, compliance, accessibility, IT, and forensics work. The algorithm card classifies the security as Strong (AES-256 with R=6), Weak (AES-128, RC4-128), or Obsolete (RC4 40-bit, RC4 with the original V=1 handler) and explains why. Reading happens locally with file.arrayBuffer() and a 7-bit ASCII scan of the file's Latin-1 view, the same technique used by the other PDF tools on this site, so nothing about the document or its restrictions leaves your tab. The tool reports the inspected state honestly: PDF permission bits are an honor system that compliant readers respect, but they are not enforced cryptographically, so a denied bit is policy rather than protection.

Free to use. Works in your browser. No signup, no login.