What is the difference between the user password and the owner password?

The user password is needed to open and view the document. The owner password is needed to change permissions, remove encryption, or perform restricted actions. They can be the same string, but using different values is more secure.

Can I encrypt only part of a PDF?

No. PDF encryption applies to the entire document. If you need per-section access control, split the document first and encrypt each part separately.

Does encryption prevent printing?

Only if you set with_print(false) on your Permissions. Encryption and printing permission are independent settings.

Can PDFluent decrypt a PDF I did not encrypt myself?

Yes, if you have the password. Use OpenOptions::new().with_password("...") and pass it to PdfDocument::open_with. If the password is wrong, the call returns Err(Error::DecryptionFailed { reason: DecryptionFailureReason::WrongPassword }).

PDFluentSDK

← Editor Download

How-to guides/Security & Encryption

Encrypt a PDF with a password in Rust

Protect a PDF with a user password and an owner password. Choose AES-256 and configure fine-grained permission flags.

rust

use pdfluent::prelude::*;

fn main() -> Result<()> {
    let mut doc = PdfDocument::open("report.pdf")?;

    doc.encrypt(
        EncryptOptions::aes256()
            .with_user_password("open123")
            .with_owner_password("owner_secret")
            .with_permissions(
                Permissions::full_access()
                    .with_modify(false)
                    .with_copy(false),
            ),
    )?;

    doc.save("report_protected.pdf")?;
    Ok(())
}

Install:cargo add pdfluent@1.0.0-beta.5Download SDK →

Step by step

Open the PDF

Open the document you want to protect. Use a mutable binding.

rust

use pdfluent::prelude::*;

let mut doc = PdfDocument::open("report.pdf")?;

Choose the encryption algorithm

EncryptOptions::aes256() uses AES-256, which is the current best practice. EncryptOptions::aes128() is accepted but the 1.0 backend currently always emits AES-256 state; if strict 128-bit output matters for interop, track this as a known deviation.

rust

let opts = EncryptOptions::aes256();

Set user and owner passwords

The user password is required to open the document. The owner password unlocks all permissions. If you omit with_user_password, the document opens without a password but still enforces permission flags.

rust

let opts = opts
    .with_user_password("open_document_2025")
    .with_owner_password("full_access_secret");

Configure permissions

Start from a preset (Permissions::full_access, print_only, read_only, or annotate) and opt out of individual rights with the with_*(false) builders: with_print, with_modify, with_copy, with_annotate, with_fill_forms, with_extract_accessibility, with_assemble, with_print_high_quality.

rust

let perms = Permissions::full_access()
    .with_modify(false)
    .with_copy(false);

let opts = opts.with_permissions(perms);

Encrypt and save

Call encrypt() then save() to write the protected file. encrypt takes EncryptOptions by value (no reference).

rust

doc.encrypt(opts)?;
doc.save("report_protected.pdf")?;

Notes and tips

AES-256 requires PDF 1.7 or later. If you need compatibility with older readers, use EncryptOptions::aes128() — note that the 1.0 SDK currently emits AES-256 state regardless of the algorithm tag; strict AES-128 is tracked as a 1.1 follow-up.
The owner password controls the permission flags. Without it, even the software that created the PDF cannot bypass the restrictions.
Encryption does not compress the document. The file size stays roughly the same.
PDF/A documents must not be encrypted. Remove encryption before validating for PDF/A compliance.

Why PDFluent for this

Pure Rust

No JVM, no runtime, no DLL dependencies. Ships as a single native binary or WASM module.

Memory safe

Rust's ownership model prevents buffer overflows and use-after-free. No segfaults in PDF parsing.

Runs anywhere

Same code runs server-side, in Docker, on AWS Lambda, on Cloudflare Workers, or in the browser via WASM.

Frequently asked questions

Download PDFluent

Encrypt a PDF with a password in Rust

Step by step

Open the PDF

Choose the encryption algorithm

Set user and owner passwords

Configure permissions

Encrypt and save

Notes and tips

Why PDFluent for this

Frequently asked questions

Related guides