From 70e040b9a446bbc8ea342debb8913155fe437532 Mon Sep 17 00:00:00 2001
From: Martin Thoma
Date: Tue, 28 Mar 2023 14:54:35 +0200
Subject: [PATCH] SEC: Warn about PDF encryption security
See #1754
---
 docs/user/encryption-decryption.md | 5 +++++
 pypdf/_writer.py | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/docs/user/encryption-decryption.md b/docs/user/encryption-decryption.md
index b95b33f86..ff211320c 100644
--- a/docs/user/encryption-decryption.md
+++ b/docs/user/encryption-decryption.md
@@ -5,6 +5,11 @@ ## Encrypt
+> ⚠️ WARNING ⚠️: pypdf only implements [RC4 encryption](https://en.wikipedia.org/wiki/RC4).
+> This encryption algorithm is insecure. The more modern and secure AES
+> encryption is not implemented. pypdf can only decrypt, but not encrypt with
+> AES.
+
 Add a password to a PDF (encrypt it):
 ```python
diff --git a/pypdf/_writer.py b/pypdf/_writer.py
index b0ae266eb..5501e58bb 100644
--- a/pypdf/_writer.py
+++ b/pypdf/_writer.py
@@ -1027,6 +1027,12 @@ def encrypt(
 5 and 6 control annotations, 9 for form fields, 10 for extraction of text and graphics. """
+ warnings.warn(
+ "pypdf only implements RC4 encryption so far. "
+ "The RC4 algorithm is insecure. Either use a library that supports "
+ "AES for encryption or put the PDF in an encrypted container, "
+ "for example an encrypted ZIP file."
+ )
 if user_pwd is not None:
 if user_password is not None:
 raise ValueError(
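Review bot: The `warnings.warn(...)` call added to `encrypt()` sets neither a category nor `stacklevel`, so it is raised as a plain `UserWarning` attributed to this line inside `pypdf/_writer.py` instead of the caller's `encrypt()` call; closing the call with `stacklevel=2,` would point users at the code that actually chose RC4. The message also recommends "an encrypted ZIP file" without qualification, and the legacy ZIP password scheme (ZipCrypto) is itself considered weak, so the last string would be safer as `"for example an AES-encrypted archive."`. No `import warnings` is visible in this hunk, so confirm the module is already imported at the top of the file. The body of `encrypt()` starts and ends outside the hunk.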