Sending sensitive files, you have two common options: encrypt the PDF itself, or zip it with a password. Both look secure. They are not equivalent.
Here is the honest difference.
Encrypted PDF
The PDF is encrypted in place. Recipient enters the password to open it in any reader. Modern AES-256 is robust. Password-protect-pdf handles this in seconds.
Password-protected ZIP
The PDF is wrapped in an encrypted ZIP. Recipient extracts with the password, then opens the PDF normally. Older ZIP encryption is weak; AES ZIP encryption (using 7-Zip or similar) is strong.
Recipient experience
Encrypted PDF opens directly in any reader. Password ZIP requires extraction first — and many email clients block ZIPs as suspicious. For one-file sends, the encrypted PDF is friendlier.
Best for…
Encrypted PDF for single documents and most use cases. Password ZIP for bundling multiple files together with one password. Always use AES ZIP, not legacy ZIP encryption.
FAQ
Is AES-256 PDF encryption secure?
Yes — when paired with a strong password. The weak link is the password, not the algorithm.
Are old ZIPs really weak?
ZipCrypto (the original ZIP encryption) is trivially broken. AES ZIPs from 7-Zip or WinZip are strong.
Should I send the password separately?
Yes — never put the password in the same email as the encrypted file.
One file: encrypt the PDF. Many files: AES ZIP. Send the password by another channel.