Remove PDF Passwords on Linux: qpdf, pdftk, and Poppler from the Command Line

Why Linux is the right environment for this

Every Linux distribution ships qpdf in the default package repositories. There is no installer, no license agreement, no trial version, and no watermark. The tool reads the PDF specification accurately, handles every encryption version defined by ISO 32000, and writes output that other PDF software reads correctly. Because it is a command-line program, it integrates naturally into scripts, cron jobs, and CI pipelines. Scanning thousands of PDFs on a server is trivial on Linux and awkward everywhere else.

The counterpart to qpdf is pdftk, which has a longer history and a more familiar command interface for anyone who worked with PDFs in the early 2010s. pdftk is still useful for splitting, merging, and page manipulation, but for password removal on modern files qpdf has clear advantages. Poppler-utils, the third tool we cover, provides inspection commands that tell you exactly what is inside a PDF before you decide which tool to use on it.

Install qpdf and pdftk on your distribution

sudo apt update sudo apt install -y qpdf pdftk-java poppler-utils

sudo dnf install -y qpdf pdftk poppler-utils

sudo pacman -S qpdf poppler yay -S pdftk

# Alpine apk add qpdf poppler-utils # OpenSUSE sudo zypper install qpdf poppler-tools

qpdf usage: the five commands you will use

qpdf has many options but the password removal workflow comes down to five patterns. Learn these and you are done. Each one is a complete command line that reads an input, applies an operation, and writes an output. qpdf does not modify files in place, which is a safety feature rather than a limitation.

qpdf --password=MyPass123 --decrypt input.pdf output.pdf

qpdf --password="" --decrypt input.pdf output.pdf

qpdf --password=MyPass123 --decrypt --linearize input.pdf output.pdf

qpdf --show-encryption input.pdf

qpdf --check input.pdf

The --show-encryption command is particularly useful because it prints the algorithm, key length, permission bits, and whether the user password is required. If it tells you User password = (none) it means the open password is empty and only an owner password exists. In that case you can decrypt with an empty --password argument without knowing anything else.

pdftk usage and its limitations

The pdftk command for password removal uses the input_pw syntax and is still useful on files that use RC4 or AES-128:

pdftk input.pdf input_pw MyPass123 output output.pdf

For decades this was the go-to Linux command, and it still appears in countless tutorials. The problem is AES-256. When Adobe introduced AES-256 in Acrobat X, the password derivation moved from a simple MD5-based routine to a more complex scheme using SHA-256 and, in PDF 2.0, an SASLprep step for password normalization. The original iText library that pdftk built on never caught up. pdftk-java inherits some of the same limitations because the upstream code the fork started from predated full AES-256 support.

The symptom is that pdftk will say OWNER PASSWORD REQUIRED, or INVALID PASSWORD, or in some cases it will produce an output file that looks correct but fails to open in any viewer because the decryption did not actually complete. qpdf does not have this problem. When a PDF is AES-256 and pdftk struggles, the right thing to do is switch tools rather than debug the pdftk invocation. You can tell whether a file uses AES-256 from qpdf --show-encryption: look for R = 5 or R = 6 in the output. R = 4 is AES-128, R = 3 is 128-bit RC4, R = 2 is 40-bit RC4.

Poppler-utils for inspection

Poppler is the PDF rendering library that powers many Linux viewers, and its command-line tools are indispensable for diagnosis. The most useful ones for password work are pdfinfo and pdftotext. pdfinfo prints the document metadata, including the encryption block, and pdftotext attempts to extract text, which gives you a reality check that the decrypted output really is decrypted.

pdfinfo input.pdf pdfinfo -enc input.pdf pdftotext -upw YOURPASS input.pdf -

The -upw flag to pdftotext stands for user password and passes the password through to the decryption stage before text extraction. Piping to - sends the output to stdout so you can grep for strings you expect to see. If the output is empty or shows only garbage, the decryption failed even if the tool did not return an error code, which is a useful early warning.

Batch password removal with bash

For folders of files that share a single password, a simple for-loop is enough:

#!/usr/bin/env bash set -euo pipefail PASS="MyPass123" mkdir -p decrypted for f in *.pdf; do qpdf --password="$PASS" --decrypt "$f" "decrypted/$f" \ && echo "OK: $f" \ || echo "FAIL: $f" done

For files with different passwords, a mapping file is cleaner than trying to encode passwords in file names. The mapping file holds one line per PDF with the filename and password separated by a tab, and the script reads it line by line:

#!/usr/bin/env bash set -euo pipefail mkdir -p decrypted while IFS=
#x27;\t' read -r file pass; do qpdf --password="$pass" --decrypt "$file" "decrypted/$(basename "$file")" done < passwords.tsv

To parallelize across CPU cores when you have hundreds of files, xargs with the -P flag is the simplest option. Each qpdf invocation is single-threaded and CPU-light, so spawning eight in parallel on an eight-core machine gives nearly linear speedup. Our batch password removal guide expands on the design choices for larger jobs.

Quick tool chooser

Why pdftk fails where qpdf succeeds

The underlying reason is that AES-256 in PDF 2.0 uses a different key derivation function than earlier PDF versions. In PDF 1.7 Adobe Extension Level 3, the password was converted to UTF-8, truncated to 127 bytes, and mixed with a salt using SHA-256 and a fixed algorithm. In PDF 2.0, Adobe added a full SASLprep-style string preparation step and a more complex validation routine that checks both user and owner passwords with different paths. The iText versions that pdftk was forked from never implemented the PDF 2.0 path completely.

qpdf, in contrast, was actively maintained through these changes. Jay Berkenbilt added PDF 2.0 support well before most other tools, and every new release handles the latest wrinkles. On top of that, qpdf has a design principle of failing loudly rather than silently producing broken output, which means when it does fail, you get a clear error message rather than a file that happens to look plausible.

There is one more qpdf advantage worth mentioning. qpdf can produce an output file that structurally matches the input, preserving cross-reference streams, object streams, and stream filters. pdftk tends to rewrite the PDF into a simpler canonical form. For most users this does not matter, but for forensic or archival work where byte-level preservation is important, qpdf is the only choice.

What if you do not know the password?

qpdf and pdftk both require the password. They are decryption tools, not recovery tools. If the file will not open in any viewer because of an unknown user password, the Linux command-line approach has nothing to offer. You need to match the encryption type against a realistic recovery path. For older PDFs, recovery is often practical; see 40-bit PDF recovery for the mechanics. For modern AES-256 PDFs, recovery only works when the password is weak. Our forgot PDF password page covers the decision tree.

A common edge case that does not require recovery: owner-password-only PDFs. Many PDFs have an owner password that restricts printing and copying but leave the user password empty. qpdf --password="" --decrypt handles these directly, and most viewers will open them without any prompt at all. Always try the empty password first before assuming you need recovery.