In pdftk I can see three options:
1$ pdftk input.pdf output protected-userpw.pdf userpw very_secret
2$ pdftk input.pdf output protected-ownerpw.pdf ownerpw very_secret
3$ pdftk input.pdf input_pw very_secret output protected-input.pdf
When I open protected-ownerpw.pdf and protected-input.pdf I am not asked for a password. Only protected-userpw.pdf gives the expected result. What does ownerpw and input_pw do?
I use qpdf to create unprotected files from protected ones. Now I wonder if this always works. Which password protection mechanisms does the PDF format support? and what qpdf supports.
Owner and User password different meanings
In a PDF document you can set security rights, as
These are actually only flags inside the document and it is up to the pdf viewer, if it obeys them or not.
When you set only an owner password, the user password is automatically set to empty. The PDF file is becoming still encrypted (all streams and strings will be saved in encrypted form), but it can be decrypted with the empty password. So you can open the PDF without any password input, but once opened you have only the rights to do something with the document, as specified in the security rights. So maybe he is not allowed to print the document.
When you set an user and owner password somebody who opens the PDF needs to specify either the owner or user password during opening. If he has specified the user password, his security rights are according to the security settings in the pdf. If he has used the owner password, he gets all security rights granted.
PDF encryptions There are many different encryption algorithms supported in the PDF. RC4 or AES with an encryption key length of 40 up to 128 and also user defined algorithms, which aren't covered inside the pdf specification. In recent extenstions to PDF 1.7 specification (extension level 3) also AES 256 was specified. In a later extension there was an update specified, which modified AES 256 a bit and fixed a theoretical security hole. Several tools still have a problem regarding these last extensions (but i don't know about qpdf). These extensions are all available inside the normal pdf specification in the ISO specification of PDF 2.0, which was released today.