PDF Security Explained: Encryption, Redaction, and Watermarks (2026)

A medical research center has 200 patient records that need to be shared with an external statistician for analysis. The records contain PHI; the data needs to be available for analysis but the patient identities must be redacted. The privacy officer applies a black rectangle over each name in the PDFs, considers the job done, and forwards the files. The statistician opens one of the redacted PDFs in Adobe Acrobat, double-clicks the black rectangle, and finds the original name still readable in the underlying text — the rectangle was an annotation overlay, not actual content removal. The privacy breach is real, the records still contain identifying information, and the center may face HIPAA notification obligations. After helping hundreds of users get PDF security right, the lesson is that PDF security has three distinct mechanisms — encryption, redaction, watermarking — that solve different problems, and using the wrong mechanism (or implementing the right one incorrectly) is the most common failure mode. This guide covers what each mechanism actually does at the byte level, when each is appropriate, and the implementation failures that leak data.

For the operations covered: PDF protect (encryption), PDF redact, PDF redaction permanent, PDF redact by pattern, and PDF watermark are the relevant browser-based tools.

PDF tools

Merge PDFs

Combine multiple PDFs

Compress PDF

Shrink PDF file size

Extract Pages

Pull pages from a PDF

Browse all tools →

Encryption: Locking the Document

PDF encryption controls who can open a document and what they can do once open. Two distinct mechanisms within encryption:

User password (open password): required to decrypt and open the PDF. Without the password, the file content is encrypted (using AES-128 or AES-256 in modern PDFs) and inaccessible. PDF readers prompt for the user password before showing any content. Use to control who can read the document.

Owner password (permissions password): controls what users can do after opening — print, copy text, add annotations, fill forms. The PDF opens normally for everyone, but restricted operations are blocked unless the user supplies the owner password.

Modern PDFs use AES (Advanced Encryption Standard) for encryption — AES-128 from PDF version 1.6 (Adobe Acrobat 7) and AES-256 from PDF 2.0 (current default). The NIST SP 800-38A specification on AES modes covers the algorithm. Older PDFs used 40-bit and 128-bit RC4, which are now considered cryptographically weak and should not be used for new documents.

Cryptographic strength:

AES-256 (current default): 2^256 keyspace, mathematically secure against brute-force attack in the foreseeable future
AES-128: still cryptographically secure
128-bit RC4: deprecated; cipher has known weaknesses
40-bit RC4: trivially brute-forceable in hours on consumer hardware

The owner-password's enforcement is conventional, not cryptographic. PDFs without an owner password but with restrictions still rely on PDF readers honoring the restriction flags. Most tools — including Adobe's own PDF tools, as covered in the Wikipedia article on PDF encryption history — can strip owner-password restrictions without supplying the owner password. Owner passwords deter casual circumvention; they don't provide actual security against a motivated user.

Practical implication: protect content from unauthorized access with the user password, not the owner password. Owner passwords are appropriate when you've already established trust with the recipient and want to add a procedural barrier.

The federal eCFR 45 CFR Part 164 (HIPAA Security Rule technical safeguards) explicitly requires NIST-validated encryption for PHI; AES-128 and AES-256 satisfy this, legacy RC4 does not.

Redaction: Removing Content Permanently

Redaction is the permanent removal of content from a document. Distinct from "covering up" — the underlying content must actually be deleted so it can't be recovered by un-cover-ing.

Three categories of redaction failure:

1. Annotation overlay (the most common failure). Drawing a black rectangle over text using PDF annotation tools. The annotation is rendered on top of the underlying text but doesn't modify the text content. The text remains in the PDF's content stream, recoverable by:

Removing the annotation in Adobe Acrobat (right-click → delete annotation)
Copying the area's text (the cursor sweeps the rectangle; the underlying text gets selected)
Extracting text via tools like pdftotext that ignore annotations
Searching the PDF for keywords (the redacted text is still indexed)

2. White text on white background. Setting redacted text color to match the background (so it's invisible). The text is still in the content stream and trivially recoverable by changing color or copying.

3. Image cover-up without underlying removal. Pasting a white rectangle image over text. Same failure mode as #1 — the underlying text persists.

Proper redaction requires:

Removing the actual text from the PDF's content stream
Removing any matching text from PDF metadata (author, subject, keywords)
Removing any embedded files or attachments containing the redacted info
For scanned PDFs, modifying the image content to actually obscure the redacted region (not just overlay)
Re-saving the PDF without an undo history that could restore the redacted content

The scoutmytool PDF redaction permanent tool implements proper redaction: it identifies content in the PDF stream, removes it, removes metadata references, and re-saves without undo history. The PDF redact by pattern tool auto-detects patterns (SSNs, credit card numbers, dates) for batch redaction.

The federal eCFR 45 CFR Part 164.514 (HIPAA Privacy Rule de-identification standard) defines what removal counts as proper de-identification of PHI. Improper redaction that leaves PHI recoverable doesn't satisfy the de-identification standard.

The Wikipedia article on redaction covers the broader practice including high-profile redaction failures (the "Manafort court filing" 2019, where redacted text was recovered by selecting the black rectangles).

Watermarks: Marking Without Hiding

Watermarks are visible or invisible markings applied to a PDF that identify the document or its origin. Distinct from encryption (doesn't restrict access) and redaction (doesn't remove content). Two categories:

Visible watermarks: text or image drawn semi-transparently across pages. Common uses: "DRAFT," "CONFIDENTIAL," "DO NOT DISTRIBUTE," company logos, recipient identifiers ("Prepared for Acme Corp"). Visible watermarks are decoration on top of content; they don't restrict access.

Invisible (digital) watermarks: data embedded in the PDF's content streams in ways that don't affect visible rendering but can be detected by analysis. Used for:

Forensic tracking (knowing which copy was leaked)
Authenticity verification (detecting modification)
Copyright assertion (proving origin)

Visible watermarks can be removed by users with sufficient PDF-editing tools. They work as a procedural deterrent ("if you remove this DRAFT watermark, you're explicitly tampering"), not as a technical control.

Invisible watermarks resist casual removal but can be defeated by sophisticated attackers with knowledge of the embedding scheme. They work as a forensic-investigation tool, not as a copy-protection control.

Use the scoutmytool PDF watermark tool or PDF image watermark for visible watermarking. For pattern-based watermarking applied to many documents, the PDF watermark by pattern tool handles batch operations.

When to Use Each Mechanism

Use encryption when:

You want to control who can read the document
You're sending sensitive content over insecure channels (email)
You're storing sensitive content on third-party infrastructure
HIPAA / regulated context requires encryption-at-rest

Use redaction when:

The recipient should see the document but not see specific content
You're producing documents for FOIA, legal discovery, or regulatory disclosure with required redactions
You're de-identifying PHI for research or external review

Use watermarks when:

You want to deter casual copying or repurposing
You want to identify the source of leaks ("watermarked for Recipient X" enables forensic tracing)
You want to mark draft or non-final status visibly

Encryption + redaction is a common combination: redact content from the document, then encrypt the redacted output for transmission. Watermarks are often added on top of either or both.

Worked Examples

Example 1 — HIPAA medical-records release. A hospital releases a patient's records to a researcher. Records contain the patient's identity (must be removed) and the patient's medical conditions (must remain for research). Workflow: use PDF redact to remove identifying fields (name, address, SSN, MRN, exact dates), confirm via PDF redaction permanent that the underlying content is actually gone (not just overlaid), protect-PDF with AES-256 user password before transmission to researcher.

Example 2 — Legal discovery production. A law firm produces 10,000 pages of discovery to opposing counsel. Some pages contain attorney work-product or privileged communications that must be redacted; everything else must be produced. Workflow: review and mark redactions, apply via PDF redaction permanent, run PDF Bates numbering for evidentiary tracking, encrypt with AES-256 for transmission. The PDF redaction comparison demo and PDF redline comparison help verify redaction completeness.

Example 3 — Confidential M&A document distribution. Investment banker shares a confidential pitch deck with 12 prospective buyers. Uses PDF watermark with each buyer's name to enable leak tracing; protect-PDF with AES-256 + per-recipient password. If the deck leaks, the watermark identifies which buyer's copy.

Example 4 — Tax preparer email passthrough. CPA emails a draft 1040 to a client. Uses protect-PDF with AES-256 user password. Sends password via SMS, not email. Recipient reads the protected PDF; CPA retains the original. No redaction needed (the client should see everything); no watermark needed (single-recipient context). Encryption alone solves the privacy concern.

Common Pitfalls

Drawing black rectangles for "redaction". The most common redaction failure. Annotations don't remove underlying content. Use PDF redaction permanent which actually removes the content from the PDF's content stream.

Forgetting to scrub metadata. PDF metadata (Title, Author, Keywords, Subject, embedded XMP data) often contains content that the visible-page redaction missed. Always run PDF scrub metadata after redaction.

Encrypting without sharing the password through a separate channel. Emailing the encrypted PDF and the password in the same email defeats encryption's purpose. Use SMS, phone, or a separate secure channel for the password.

Reusing passwords across documents. Compromise of one document's password compromises all others using the same password. Generate unique passwords per document or per recipient.

Watermark only — no encryption. Watermarks deter casual misuse but don't restrict access. For sensitive content, watermark + encryption.

Owner-password-only protection. Owner passwords don't actually restrict access; they restrict operations within an open document, conventionally. Use a user password for actual access control.

Trusting "secure" cloud-PDF-tools to redact correctly. Some online tools that promise "redact PDF" implement annotation overlay rather than content removal. Test by selecting the redacted area in the output — if you can copy text, redaction is broken.

Forgetting embedded files and attachments. PDFs can contain embedded files (other PDFs, spreadsheets, images). Redaction of the visible content doesn't necessarily remove embedded attachments; check via PDF list hyperlinks or similar inspection tools.

Re-using a redacted PDF as input to anything that re-renders. If the redacted PDF is OCR'd, exported to Word, or re-saved through a tool that doesn't fully respect the redaction, content can leak.

Frequently Asked Questions

Q: Is AES-256 PDF encryption breakable? A: Mathematically, no — it's secure against brute-force attack in the foreseeable future. Practically, weak passwords are the failure mode. AES-256 with a 6-character lowercase password is brute-forceable in seconds; AES-256 with a 16-character mixed password is secure for decades. Use strong passwords.

Q: Can I un-redact a properly-redacted PDF? A: For redaction performed by PDF redaction permanent or equivalent proper-redaction tools, no — the content is removed from the PDF, not just overlaid. The result PDF doesn't contain the redacted information. For improper "annotation overlay" pseudo-redaction, yes — the underlying text is recoverable.

Q: What's the difference between PDF redaction and image-based redaction? A: PDF redaction operates on the PDF's content stream — removing text characters, vector elements, and image regions. Image-based redaction (overlaying a rectangle) is a visual-only operation that doesn't modify the underlying content. PDF redaction is what's needed for actual data removal.

Q: Do watermarks prevent copying? A: No. Watermarks are decoration; they're visible to readers and can be removed with sufficient PDF-editing tools. Watermarks deter casual copying and enable forensic tracing of leaks; they don't technically prevent copying.

Q: How strong of a password do I need for sensitive content? A: For high-stakes content (medical, legal, financial), minimum 16 characters mixed case + numbers + symbols, OR a 5-word random passphrase. For ordinary content, 12-character mixed is fine. Avoid dictionary words, names, and dates.

Q: Are my files uploaded when I use the redaction tool? A: No. The scoutmytool PDF redaction tools run entirely in your browser. The file content stays on your computer. Verify in browser DevTools' Network tab that no upload requests fire during processing.

Q: Can I redact a scanned PDF (image-based)? A: Yes — the redaction must modify the image content (not just overlay), then re-OCR if you want a clean text layer afterward. Browser-based tools can handle this for moderately-sized documents; for very-large scanned archives, desktop tools may be more appropriate.

Wrapping Up

PDF security has three distinct mechanisms — encryption, redaction, watermarking — solving three different problems. Use PDF protect with AES-256 to control access, PDF redaction permanent to actually remove content (not just overlay), PDF watermark to mark provenance and deter casual misuse. Pair with PDF scrub metadata to clean hidden information after any redaction. For broader PDF security and document workflows, see the scoutmytool PDF tools index.