The contents of a certificate-encrypted PDF are secured using a fast symmetric data cryptography technique based on an internal password key. The internal password is in turn protected using RSA encryption using the public keys from a series of digital certificates provided by each of the intended recipients. An individual recipient can derive the internal key by applying the appropriate private key and thus decode the document contents. The internal key is randomly created during the PDF encryption process and is never published.