How to secure financial statement pdfs with password encryption
- Step 1Export the statement from your accounting software as a PDF — Export from Xero, QuickBooks, Sage, or your tax software as a final PDF. Encrypt the exported file — don't try to encrypt within the accounting package.
- Step 2Check it fits the tier limit — A typical statement export is well under 2 MB; a full statutory accounts pack with notes may exceed it. Free tier caps at 2 MB / 50 pages; Pro at 50 MB / 500 pages. Compress with the lossy compressor if a scanned pack is too big for free.
- Step 3Open the Password Protect tool and drop the statement — Load it into the PDF Password Protect tool. One PDF at a time. The figures are processed locally — nothing is uploaded.
- Step 4Set a strong password (14+ characters) — Type a long, random password into the single
Set passwordfield — 14+ characters with mixed case, digits, and symbols. It becomes both the user and owner password. Avoid the company name, year-end date, or registration number. - Step 5Encrypt and download — qpdf applies AES-256 and you download the encrypted statement. Open it once yourself to confirm the password prompt appears before any figures show.
- Step 6Send the statement and password through separate channels — Email or portal the encrypted PDF to the auditor/lender; send the password by SMS or phone. Tell them to download the file — preview panes won't open an encrypted statement.
Financial export sources and what to do before encrypting
Common accounting exports and the practical step before applying the password.
| Source | Typical export | Pre-encrypt step |
|---|---|---|
| Xero / QuickBooks / Sage | Statement PDF, usually < 1 MB | Encrypt directly — fits the free tier |
| Statutory accounts pack (with notes) | Multi-section PDF, may exceed 2 MB | Compress to fit free, or use Pro |
| Scanned signed accounts | Image-heavy, often > 2 MB | Compress then encrypt |
| Tax return PDF | Single statement, small | Encrypt directly |
| Multiple statements to one lender | Several PDFs | Merge into one pack, then encrypt |
What AES-256 protects — and what it doesn't
Encryption is the strong part; the password and post-open actions are where to be deliberate.
| Concern | Status | Detail |
|---|---|---|
| Figures unreadable without the password | Protected | AES-256 open password (--encrypt … 256) |
| Brute-forcing the encryption | Infeasible | AES-256 is not crackable; the password is the only weak point |
| Auditor printing/copying after opening | Allowed | Use pdf-permission-setter to block |
| Weak password (company name + year) | Vulnerable | Guessable by anyone who has the file |
| Recovering a forgotten password | Impossible | Nothing is stored; keep the source file safe |
Cookbook
Finance-team scenarios and exactly what the tool does for each.
Sending year-end accounts to the auditor
Export the accounts, encrypt with a strong unique password, send via the audit portal, and phone the password through. Numbers stay sealed in transit.
Input: YE2026-statutory-accounts.pdf (18 pages, 980 KB) Field: Set password = "Au!dT-7mKpQ2rLz9" qpdf (browser): --encrypt Au!dT-7mKpQ2rLz9 Au!dT-7mKpQ2rLz9 256 ... Upload encrypted accounts to the audit portal. Phone the partner to read out the password.
Merge several statements into one encrypted lender pack
A lender wants the balance sheet, P&L, and cash-flow as one secured file. Merge first, then encrypt the combined pack with a single password.
Step 1 — pdf-merge: balance-sheet.pdf + p&l.pdf + cash-flow.pdf -> lender-pack-2026.pdf Step 2 — pdf-password-protect: Set password = "Ld$nr-2026-Vp7qWk" One encrypted pack, one password to share with the lender.
Compress a scanned signed accounts PDF to fit the free tier
A scanned, signed accounts file is image-heavy and over 2 MB. Compress to fit free, then encrypt — or skip straight to encrypting on Pro.
scanned-signed-accounts.pdf 5.8 MB -> over 2 MB free limit Step 1 — pdf-compress-lossy: 5.8 MB -> 1.7 MB Step 2 — pdf-password-protect: encrypts under the 2 MB cap (Or use Pro's 50 MB limit and encrypt the 5.8 MB file directly.)
Confirming the figures are unchanged after encryption
Encryption must not alter a single number. qpdf re-wraps the file structure; the content stream is untouched. Verify by opening and spot-checking totals.
Before: Total assets 4,182,640 | Net profit 318,902 Encrypt -> open with password -> After: Total assets 4,182,640 | Net profit 318,902 Identical. Encryption changes how the file opens, not its contents.
Encryption won't stop the lender printing the accounts
A lender who opens the file can print and copy the figures. That's allowed by design. If a no-print restriction is required, that's the permission setter, not this tool.
Lender opens encrypted accounts with the password. Print / export figures -> allowed (--print=full, --extract=y) For view-only accounts, use pdf-permission-setter with Block printing and Block copying enabled.
Edge cases and what actually happens
You expected printing/copying of the figures to be blocked
By designThis tool sets an open password and allows printing, copying, and editing once the file is open. To stop an auditor or lender printing or extracting the figures, use the permission setter, which sets an owner password and Block-printing / Block-copying toggles.
A separate owner password is required
ExpectedThe Password Protect tool has a single field, so the open and owner passwords are the same. If you need to distribute an open password while keeping a different owner password in finance, use the permission setter, which has a dedicated owner field.
The accounts pack exceeds the tier limit
BlockedFree tier caps at 2 MB and 50 pages; statutory packs with notes and scanned signatures often exceed both. Compress with the lossy compressor to fit free, or use Pro (50 MB / 500 pages). Over-limit files are blocked before encryption.
The statement is already password-protected
Errorqpdf can't read an encrypted file to re-encrypt it, so this errors (exit code 2: corrupted or unsupported encryption). Decrypt with the remove-password tool first, then apply the new password.
Weak password chosen (company name + year-end)
VulnerableAES-256 is unbreakable, but a guessable password isn't. The company name, registration number, or year-end date are the first things anyone holding the file would try. Use a 14+ character random password from a password manager.
Encryption appeared to change a figure
PreservedIt can't — qpdf re-wraps the file structure without re-rendering content streams, so every number is byte-identical. If a figure looks different, the difference predates encryption (check the source export). Spot-check totals before and after if you need assurance.
qpdf returns a warning on a merged accounts pack
PreservedA pack assembled from several statements can trip qpdf's warning path (exit code 3), but the encrypted output is valid and returned. Open it once to confirm the password prompt and the figures before sending.
Finance loses the password to filed accounts
UnrecoverableNothing about the password is stored anywhere and AES-256 can't be brute-forced. If the password is lost, the encrypted file can't be opened — always keep the source export in your secure finance records until receipt is confirmed.
Frequently asked questions
Can my accountant's or auditor's software open a password-protected PDF?
Yes. The output is a standard AES-256 encrypted PDF. Adobe Acrobat, Foxit, Apple Preview, and the PDF tooling inside professional accounting and audit packages all support it — they prompt for the password before showing any figures.
Does AES-256 mean the statement can't be cracked?
The AES-256 encryption itself is computationally infeasible to brute-force. The real attack surface is the password. With a strong, unique 14+ character password the file is effectively uncrackable; with a guessable one (company name, year-end) it isn't. Choose the password carefully.
Can I combine password protection with a print restriction?
Not in this single tool — it sets an open password and allows printing and copying once opened. To also block printing or copying, run the file through the Permission Setter, which sets an owner password and lets you turn those actions off.
Does encrypting change any of the figures?
No. qpdf re-wraps the file structure with an encryption layer; the content stream and every number are preserved exactly. The only change is that opening the file now requires the password. Spot-check totals before and after if you want assurance.
Are my financial figures uploaded anywhere?
No. Encryption runs entirely in your browser via qpdf-wasm. The plaintext statement and the password never leave your device — confidential numbers stay off any server or third-party processor. Only the encrypted file is downloaded.
What encryption is used?
Real AES-256. The browser runs a qpdf WebAssembly build with --encrypt <pw> <pw> 256. (An older note mentioned RC4 128-bit; the live browser path uses AES-256.)
How big a statement can I encrypt?
Free tier allows up to 2 MB and 50 pages — fine for most single statements. Statutory packs and scanned accounts often exceed that; compress them first, or use Pro (50 MB / 500 pages).
Can I send several statements as one secured file?
Yes — merge them into one PDF with the Merge tool, then encrypt the combined pack with a single password. The lender or auditor gets one file and one key.
Where should I send the password?
Through a different channel from the file — SMS or a phone call, never the same email. If the email carrying the encrypted accounts is intercepted or misdirected, the password is still safe out-of-band.
What if the recipient forgets the password?
Re-send it through the secure channel; you still hold it. There's no backdoor — the password never reached our servers and AES-256 can't be brute-forced — so keep the source export until receipt is confirmed.
Can the statement be decrypted later for archiving?
Yes. Once the accounts are filed and public, use the Remove Password tool with the password to produce an unlocked copy for the archive. qpdf decrypts given either the user or owner password, which are the same value here.
Can I encrypt an already-protected statement?
No — qpdf can't read an encrypted file to re-encrypt it, so the tool errors. Remove the existing password first (you'll need it), then apply the new one.
Privacy first
All PDF processing runs locally in your browser using PDF-lib and pdf.js. No file is ever uploaded — only metadata counters are saved for signed-in dashboard stats.