Strip reversible IDPF and Adobe ADEPT-font obfuscation from EPUB files and clean up stale encryption.xml entries — free, no signup, files deleted within an hour.
We do NOTremove content DRM (Adobe ADEPT, Apple FairPlay, Amazon KFX, Barnes & Noble Social). Those use cryptographic keys we don't have, and stripping them without authorisation is illegal in most jurisdictions. If your EPUB came from a retailer, contact the retailer.
0pfree
<5MBin-memory
1 hrmax retention
no DRMexplicitly excluded
How it works
The flow should be simple enough to use quickly and structured enough to produce a useful publishing decision.
Step 1
Upload your EPUB
Drop in the file. Files under 5MB are processed in memory; larger files go through encrypted private storage.
Step 2
Reversible obfuscation removed
We strip IDPF and Adobe ADEPT-font obfuscation using the key derived from the OPF unique identifier — the algorithm is public and reversible.
Step 3
DRM detected and refused
If the EPUB contains content DRM (Adobe ADEPT, FairPlay, Amazon KFX, B&N Social) we leave those bytes untouched and tell you which files we couldn't process.
Step 4
Download the clean file
Repackaged EPUB with mimetype-first ZIP structure and encryption.xml removed (or trimmed). Ready for distribution.
FAQ
Common questions about EPUB encryption removal
Next step
Cleaned the encryption? The next move is usually a full validation pass.
Once obfuscation is gone, structural errors (missing mimetype, broken manifest, invalid XHTML) are still possible. Run the validator to be sure.
We'll strip font obfuscation and stale encryption.xml entries. Files under 5MB are processed in memory; larger files go through private storage and are deleted within an hour.
We do NOT remove DRM.Adobe ADEPT, Apple FairPlay, Amazon KFX, and B&N Social use keys we don't have — stripping them without authorisation is illegal. If your EPUB came from a retailer, contact the retailer.
Frequently Asked Questions
What's the difference between encryption.xml and DRM?
They're different layers. encryption.xml is a metadata file inside the EPUB (at META-INF/encryption.xml) that lists which resources are encrypted and which algorithm encrypted them. Content DRM (Adobe ADEPT, Apple FairPlay, Amazon KFX, Barnes & Noble Social) is a separate retailer-applied layer that uses cryptographic keys you don't have. Font obfuscation is a third thing — it's reversible scrambling listed in encryption.xml whose key is derived from the EPUB itself. We strip the font-obfuscation entries and leave any DRM entries byte-identical.
Why won't my Kobo or Apple Books EPUB open?
Two common encryption.xml causes. First, stale entries — your EPUB has a META-INF/encryption.xml that references files that aren't actually encrypted any more (left behind by an earlier build step). Apple Books in particular rejects the whole file in that case. Second, font obfuscation against fonts the device can't read. Both are fixable here. Upload the EPUB and we'll detect which case you're in and clean it up. If neither applies, the issue is elsewhere — try our free EPUB validator at /education/tools/epub-validator for a full structural check.
How do I tell if my EPUB has font obfuscation?
Open the .epub as a ZIP (rename to .zip and unpack). If you see a file at META-INF/encryption.xml, encryption metadata is present. Look at the Algorithm attribute inside each EncryptedData block: 'http://www.idpf.org/2008/embedding' or 'http://ns.adobe.com/pdf/enc#RC' are the two reversible font-obfuscation algorithms we strip. Anything else is content DRM (we don't touch) or an unrecognised algorithm (we don't touch). You can also just upload the file here — the tool tells you exactly what it found.
Does this tool remove DRM?
No. We only strip reversible font obfuscation (IDPF and Adobe ADEPT-font algorithms) and clean up stale encryption.xml entries. Content DRM — Adobe ADEPT, Apple FairPlay, Amazon KFX, Barnes & Noble Social — uses cryptographic keys we don't have, and removing it without authorisation is illegal in most jurisdictions. If your EPUB came from a retailer, contact the retailer.
What exactly does it strip?
Two things. First, font obfuscation: reversible XOR scrambles applied to font binaries inside the EPUB by the IDPF (2008) algorithm or the Adobe ADEPT-font algorithm. The keys are derived from the OPF unique identifier, so anyone with the file can reverse the obfuscation. Second, stale encryption.xml entries — references to files that aren't actually encrypted any more, often left behind by previous build steps. Some readers (Apple Books especially) reject EPUBs with stale entries.
Will the cleaned EPUB still validate?
Yes. We also rebuild the ZIP archive with mimetype as the first uncompressed entry (the OCF spec requirement that many tools get wrong) and remove encryption.xml entirely if no entries remain. The result passes EPUBCheck for the parts we touched. Run our /education/tools/epub-validator afterwards if you want a full validation report.
How is my file handled?
Files under 5MB are processed entirely in memory — never written to disk. Files 5MB and above are uploaded directly to private object storage, processed there, and deleted within one hour by an automated cleanup. We never store your filename, IP, or the file itself. We don't train on uploads.
Why does it sometimes say 'no encryption found'?
If the EPUB has no META-INF/encryption.xml file, there's nothing to strip — the file is already plaintext. We return the original bytes unchanged in that case. If you got the file from a retailer and expected DRM, the encryption is in a different layer that we can't (and won't) touch.
What happens if my EPUB has both font obfuscation and DRM?
We strip the font obfuscation, leave the DRM-protected resources byte-identical, and return a result page listing the protected files we didn't touch. The cleaned EPUB will still have DRM on the chapters that had it — that's the retailer's, not ours.
What this tool will and won't remove
EPUB “encryption” covers three different things, and we can only legally process two of them. The distinction matters — the algorithms are different and the rules around them are different.
We remove
Font obfuscation
The IDPF (2008) and Adobe ADEPT-font algorithms scramble font binaries with a reversible XOR. The key is derived from the OPF unique identifier — present in the EPUB itself. Anyone with the file can reverse it. We do.
We also remove
Stale encryption.xml entries
Sometimes an EPUB ships with a META-INF/encryption.xml that references files that aren't actually encrypted any more — leftover from a previous build step. Some readers (Apple Books in particular) reject the whole EPUB. We clean these up.
We do NOT remove
Content DRM
Adobe ADEPT content, Apple FairPlay, Amazon KFX, Barnes & Noble Social. These use cryptographic keys we don't have, and stripping them without authorisation is illegal in most jurisdictions (DMCA §1201, EUCD).
If your EPUB came from a retailer and you can't open it on the device you want, contact the retailer — they can usually authorise additional reading systems on the same account.
Privacy
Files under 5MB are processed in memory and never written to disk.
Files 5MB and above are uploaded directly to private object storage, processed there, and deleted within one hour.
We never store your filename, raw IP address, or the file itself after processing.
We don't train on uploads.
We do log structural metadata about each run (file size, encryption type, processing time, an HMAC-bucketed monthly hash of your IP) for 90 days to improve the tool.
Want to also fix structural errors (missing mimetype, broken manifest, invalid XHTML)? Validate your EPUB →