I have a few questions about Form Encryption

  • Profile Image
    RustyGower
    Asked on March 03, 2017 at 03:48 AM

    Hi,

    I am interested in the Encrypted Forms option. But have a query as I have noticed o your forums/posts about it that you mention 'losing' the key and its consequences quite often.


    So I just want to clarify. You download one Private Key per account or per form?


    Once you have that key as a file on your computer, can it be copied, for example:

     

    *  Have it on my laptop for when I need it to view forms, but also have a copy backed up on aother hardrive icase something happens to my laptop.

     

    * As I work on various PCs / Laptops depending on where I am, will I be able to copy my Private key to all my devices I work from?




    Please advise,


    DRG

  • Profile Image
    Jim_R
    Answered on March 03, 2017 at 05:49 AM

    Hello DRG - You're correct, the Form Encryption feature comes with consequences when you lose the private key generated. On top of that, there are features that you won't be able to utilize once you enable Encryption. It's because once the data is encrypted, it will be encrypted everywhere EXCEPT these 2 locations where you can decrypt them:

    1. From the Submissions Page

    2. Through Email Notification

    You download one Private Key per account or per form? 

    The Private Key you generate is per form, not per account. You'd only be asked to generate and download the Private Key when you enable Form Encryption.

    Once you have that key as a file on your computer, can it be copied, for example:

    *  Have it on my laptop for when I need it to view forms, but also have a copy backed up on aother hardrive icase something happens to my laptop.

    * As I work on various PCs / Laptops depending on where I am, will I be able to copy my Private key to all my devices I work from?

    Yes that won't be a problem. I would just highly recommend to never rename the key. Copying it from one device to another shouldn't be an issue for as long as it's the same Private Key.

    On a minor note, Form Encryption is indeed great but IMHO it's unnecessary. Think of it as the 2-step verification from Google - Yes, it's a great added layer of security but still, an optional feature.

    Even without encryption, the forms and submissions are transmitted securely with a 256 bit high-grade encryption, which means that data is encrypted during the transmission and cannot be interrupted by anyone else. We have an SSL certificate that uses SHA256 with RSA encryption https://www.ssllabs.com/ssltest/analyze.html?d=secure.jotform.com 

    We are also Safe Harbor Certified.

    Related article: Announcing-JotForm-s-Safe-Harbor-Certification

    So before proceeding, I strongly urge you to read and review our guide below, especially the Q&A section that should answer any doubt you might still have.

    Complete guide: What-Are-Encrypted-Forms-and-How-to-Use-Them-as-Expert