What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Data submitted as encrypted form is showing up unencrypted on form that have multiple pagesAsked by imnresource on September 24, 2015 at 05:39 PM
I changed my form into an encrypted form and then tested it. I entered the direct link into my browser and filled in the form. The little green lock appeared next to the submit button and when I moused over the submit button a message appeared saying "This form is encrypted".
However, when I then went to view the data through https://www.jotform.com it seemed that the data had not actually been encrypted. I deleted an older unencrypted submission and then was surprised to see that my new submission showed up in the submissions window unencrypted, despite the fact that I had not entered my key (nor had I been prompted for it). I went to "Preferences / advanced settings" for this form and "Encrypt Form Data" was in fact set to "Yes".
Thinking that the older unencrypted entry had somehow prevented the form from encrypting properly, I deleted all submissions, logged out, closed and reopened my browser window, and completed my form again. As before, the submit button indicated the form was encrypted. I logged into jotform and looked at my submission. This time a popup wizard did prompt for my private key, but I could clearly see my data unencrypted behind the popup. I dismissed the popup without having entered my key, and for about one second could see all my newly entered data unencrypted until the wizard popped up again. I get the impression that form data is not being encrypted even though it claims to be.
Is there a bug in the form encryption process? Am I doing something wrong? I'd like to use form encryption. Please advise.
Please try adding also a Notification Email to your form, and check if the email being sent is encrypted or not.
Hope this help. Let us know if you need further assistance.
I have investigated this further and I found out that there was issue with encrypted form submission view that have multiple pages. It seems that encryption is not properly applied on some data when the form have multiple pages (with page break field).
Single page form doesn't exibit similar behavior glitch.
I have now reported this issue to our higher level support so that it can be investigated further and have the glitch fixed as soon as possible.
We will let you know here for any update on the status.
Thank you for investigating this so quickly. I look forward to hearing the resolution, and meanwhile will try again with single page.
I am still having this issue even when I changed my form to a single page. Here is what I did:
First I removed all page breaks from my form, making it into a single page form.
In case this is relevant, I generated a new key before testing. (The old one is no longer in my downloads folder; I suspect my security software or browser deleted it.) I did this by going to "Preferences / advanced settings" for this form and changing "Encrypt Form Data" to "No", then logging out and back in. I again went to "Preferences / advanced settings" for this form and changed "Encrypt Form Data" to "Yes". I pressed the button for generating a new key and notepad opened up with the new key. This time I saved the key somewhere other than in my downloads folder. At some point I also deleted yesterday's submission; I think I did that before I generated the new key.
I tested my form by entering the direct link into my browser and filling in the form. The submit button had the little green lock next to it. When I moused over the submit button i got a message saying "This form is encrypted". When I clicked the submit button, the data was replaced with nonsense characters for about a second until the "thank you" page appeared. These nonsense characters did not appear during yesterday's tests, and their presence today made me suspect the encryption may be working.
However, when I logged into https://www.jotform.com, selected my form, and clicked on submissions, I was not prompted for my key and the data I had just submitted was fully visible and unencrypted.
While I understand the impression that your second test made on you, please note that your private key is saved for you when you first create it in your Browser. This is since it is expected that you will shortly afterwards go into the submissions panel to see your submissions.
This is however very easy to check by simply going with a different browser into your account and checking the submissions. As soon as you do, you will see the difference.
For example keep your current browser running and then try the same in the different browser.
I think Ben is right. After clearing my browsing history, the data on the single page form displayed as nonsense characters until I re-uploaded my key. (I didn't test with my second browser because it's too old to be of much use.) I guess the data was showing up unencrypted during my second test only because it had been successfully decrypted using my browser's retained key.
I should mention that my browser seems to keep the key until I clear the browsing history, even if I log out and reboot my computer. This is in conflict with the note on the upload dialog which implies the key will be kept only until I log out. But that's a different issue and not a big concern for me.
Like jonathan said, it seems like the encryption glitch applies only to multi-page forms.
Yes, that is true, the issue is connected to multiple pages only - as per comments of our developer when Jonathan mentioned this - since he did a very detailed investigation on this :)
Now in regards to the key, it should only stay in your browsers local storage until after you log out, as you have mentioned, so this would be a different issue, which if you experience again, please do let us know and we will raise it to our developers.
Multi-page encryption bug is now fixed. Thank you very much for letting us know.
Looks good. Now when the popup wizard prompts for my private key on my multi-page form, I can see that the form data behind it is encrypted. Thank you for implementing this fix!
On behalf of my colleagues, you are welcome. Feel free to contact us again if you have other questions/queries. We will be glad to help.