How to lock a confidential business report with a password
- Step 1Compile the final board pack into one PDF — Merge all sections into the final pack first — for example with the PDF merge tool. Encrypt the assembled pack, not the individual sections.
- Step 2Optionally watermark it CONFIDENTIAL — Run the pack through the watermark tool for a visible deterrent before encryption. Encryption stops unauthorised opening; the watermark discourages screenshots and printing by those who can open it.
- Step 3Open the Password Protect tool and drop the pack — Load it into the PDF Password Protect tool. Free tier handles up to 2 MB / 50 pages; large board packs usually need Pro (50 MB / 500 pages).
- Step 4Set a unique per-meeting password — Type a distinct password for this meeting into the single field. Using a new password each cycle means last quarter's key never opens this quarter's pack — a clean, low-effort access-rotation model.
- Step 5Encrypt and distribute the pack — Download the encrypted pack and send it to the board distribution list. A blank password is rejected, so you can't accidentally send an unprotected pack.
- Step 6Share the password out-of-band before the meeting — Send the password by SMS or read it on a pre-meeting call — never in the same email as the pack. Remind directors to download the file (board portals and email previews may not open encrypted PDFs inline).
Access rotation via per-meeting passwords
Using a fresh password each meeting is the practical access-control model this single-password tool supports.
| Meeting | Pack password | Who can open it |
|---|---|---|
| Q1 board pack | q1-Vr7$mKp2 | Anyone given the Q1 password |
| Q2 board pack | q2-Lz9#nWk4 (new) | Only those given the Q2 password — Q1 key is useless |
| Special / confidential session | spec-Tg3!qXr8 (new) | Only the smaller invited group |
Open lock vs. read-only board distribution
Decide which you actually need before distributing the pack.
| Goal | Use | Behaviour |
|---|---|---|
| Stop unauthorised people opening the pack | This tool (open password) | Password required to open; printing/copying allowed once open |
| Allow opening but block printing/copying | pdf-permission-setter | Owner password + Block-printing / Block-copying toggles |
| Visible deterrent on every page | pdf-watermark | CONFIDENTIAL overlay (not access control) |
| Page-level audit numbering | pdf-bates-numbering | Sequential stamps for governance trails |
Cookbook
Board and executive-report scenarios with the exact tool behaviour for each.
Quarterly board pack with a per-meeting password
Compile, encrypt with a meeting-specific password, distribute. Next quarter gets a new password, so a director who left can't open the new pack with the old key.
Input: board-pack-2026-Q2.pdf (38 pages, 6.1 MB) [Pro tier] Field: Set password = "q2-2026-Vr7$mKp2Lz" qpdf (browser): --encrypt q2-2026-Vr7$mKp2Lz q2-2026-Vr7$mKp2Lz 256 ... Distribute encrypted pack to the board list. SMS the password to current directors only.
Watermark + encrypt for a layered deterrent
A visible CONFIDENTIAL stamp plus a cryptographic lock. The watermark discourages casual sharing; the password stops anyone without the key opening it at all.
Step 1 — pdf-watermark: text "CONFIDENTIAL", opacity 0.15 Step 2 — pdf-password-protect: AES-256 open password Result: a pack that won't open without the password, and that shows CONFIDENTIAL across every page once it does.
Compress a heavy pack before encrypting on the free tier
Board packs with embedded charts and scanned appendices blow past 2 MB. Compress to fit the free-tier limit, then encrypt.
board-pack.pdf 4.7 MB -> over the 2 MB free limit (blocked) Step 1 — pdf-compress-lossy: 4.7 MB -> 1.6 MB Step 2 — pdf-password-protect: encrypts fine (under 2 MB) Or upgrade to Pro (50 MB) and skip compression.
Remove the password once the embargo lifts
After results are public, the pack no longer needs protection for archiving. Decrypt it for the records system.
pdf-remove-password: Enter current password = "q2-2026-Vr7$mKp2Lz" -> unlocked board-pack-2026-Q2.pdf for the archive qpdf --decrypt strips the encryption dictionary cleanly.
Encryption won't stop a director printing the pack
Boards often assume a password also stops printing. It does not — once opened, the pack prints and copies normally. If a paperless, no-print policy matters, that's the permission setter's job.
Director opens encrypted pack with password. Print to PDF / paper -> allowed Copy a table into email -> allowed To enforce no-print, use pdf-permission-setter with Block printing enabled instead of (or before) this tool.
Edge cases and what actually happens
You expected the password to also block printing the pack
By designThis tool sets an open password and leaves printing, copying, and editing allowed (--print=full --extract=y --modify=all). For a no-print board distribution, use the permission setter, which adds an owner password and Block-printing / Block-copying toggles.
Open and owner passwords need to differ
ExpectedThe Password Protect tool has one field, so the open and owner passwords are identical. If governance requires a separate owner password (for example, distribute the open password to directors but keep an owner password for the secretariat), use the permission setter, which exposes a dedicated owner field.
Board pack exceeds the tier size or page limit
BlockedFree tier caps at 2 MB / 50 pages — most board packs exceed both. Compress with the lossy compressor to fit free, or use Pro (50 MB / 500 pages). The file is blocked before processing if it's over the limit.
Distributing a pack that was already encrypted
ErrorIf you try to encrypt a pack that already has a password (e.g. one returned by a director and re-shared), qpdf can't read it and errors (exit code 2). Decrypt first with the remove-password tool, then re-encrypt with the new meeting password.
A former director still has last quarter's password
Mitigated by rotationAn old password opens only the pack it was set on. Using a fresh password each meeting means a departed director's key can't open the new pack — that's the access-rotation benefit of per-meeting passwords. The current pack stays sealed to them.
Board portal won't preview the encrypted pack
ExpectedMany board portals and email clients can't render an encrypted PDF in their inline viewer. Directors must download the file and open it in a reader, where the password prompt appears. Note this in the distribution message.
qpdf returns warnings on a heavily-merged pack
PreservedA pack assembled from many sources may trip qpdf's warning path (exit code 3), but the encrypted output is still valid and is returned. Open it once to confirm the password prompt before sending to the board.
Secretariat loses the meeting password
UnrecoverableThere's no master key and nothing is stored server-side. If the only password is lost, the encrypted pack can't be opened — keep the pre-encryption source pack in your secure records until the meeting concludes. AES-256 with a strong password is not brute-forceable.
Frequently asked questions
Should I use different passwords for each board member?
It's possible to encrypt a separate copy per director, but it's impractical and creates many files to track. The clean model this single-password tool supports is one strong password per meeting, rotated each cycle. Revoke access by giving the next meeting's pack a new password — the old key stops working.
Does the password stop directors from printing the pack?
No. This tool sets an open password only; printing and copying are allowed once the file is opened. If you need a no-print, no-copy board distribution, run the pack through the Permission Setter, which sets an owner password and lets you block printing and copying.
Can I set a separate owner password for the secretariat?
Not in this tool — it has a single field, so the open and owner passwords are the same. The Permission Setter has a dedicated owner-password field if you need to distinguish who can open from who can change permissions.
What encryption strength protects the report?
Real AES-256, applied by a qpdf WebAssembly build running in your browser. The pack's plaintext and the password never leave your device — relevant when the file contains pre-announcement financials or strategy.
What happens when the password is no longer needed?
Use the Remove Password tool to decrypt the pack for clean archiving once the embargo or confidentiality window has passed. You'll need the password you set; qpdf strips the encryption and returns an unlocked copy.
Can I add a CONFIDENTIAL watermark as well?
Yes — watermark the pack with the Watermark tool first, then encrypt. The watermark is a visible deterrent on every page; the password is the actual access control. They complement each other.
My board pack is too large for the free tier — what now?
Free tier caps at 2 MB and 50 pages, which most packs exceed. Compress with the lossy compressor to fit, or upgrade to Pro (50 MB / 500 pages) and encrypt the full pack directly.
A director says the pack won't open in our board portal — why?
Most portals and email previews can't render an encrypted PDF inline. The director needs to download the pack and open it in a PDF reader, which will then prompt for the password. It's normal behaviour for encrypted files.
If a director leaves, can they still open the pack?
They can open any pack whose password they already had, but not future packs if you rotate the password each meeting. That's the value of per-meeting passwords — the new pack is sealed to anyone without the new key.
Is the unencrypted pack ever uploaded?
No. Encryption runs entirely in the browser via qpdf-wasm. The plaintext pack and the password stay on your device; only the encrypted result is downloaded for distribution.
Can I encrypt several meeting packs at once?
On Pro, batch processing allows up to 5 files; on the free tier it's one at a time. For distinct per-meeting passwords you'd typically encrypt each pack separately anyway, since the password differs per file.
What if I lose the meeting password?
There's no recovery — nothing about the password is stored and AES-256 can't be brute-forced. Keep the pre-encryption source pack in your secure records until the meeting is over, so you always have an unlocked copy to fall back on.
Privacy first
All PDF processing runs locally in your browser using PDF-lib and pdf.js. No file is ever uploaded — only metadata counters are saved for signed-in dashboard stats.