Data submitted as encrypted form is showing up unencrypted on form that have multiple pages

  • imnresource
    Asked on September 24, 2015 at 5:39 PM

    I changed my form into an encrypted form and then tested it. I entered the direct link into my browser and filled in the form. The little green lock appeared next to the submit button and when I moused over the submit button a message appeared saying "This form is encrypted".

    However, when I then went to view the data through https://www.jotform.com it seemed that the data had not actually been encrypted. I deleted an older unencrypted submission and then was surprised to see that my new submission showed up in the submissions window unencrypted, despite the fact that I had not entered my key (nor had I been prompted for it). I went to "Preferences / advanced settings" for this form and "Encrypt Form Data" was in fact set to "Yes".

    Thinking that the older unencrypted entry had somehow prevented the form from encrypting properly, I deleted all submissions, logged out, closed and reopened my browser window, and completed my form again. As before, the submit button indicated the form was encrypted. I logged into jotform and looked at my submission. This time a popup wizard did prompt for my private key, but I could clearly see my data unencrypted behind the popup. I dismissed the popup without having entered my key, and for about one second could see all my newly entered data unencrypted until the wizard popped up again.  I get the impression that form data is not being encrypted even though it claims to be.

    Is there a bug in the form encryption process? Am I doing something wrong? I'd like to use form encryption. Please advise.

  • jonathan
    Replied on September 24, 2015 at 6:59 PM

    From what I have test so far, your form http://www.jotform.us/form/52656135340148 is encrypted, and I cannot view the submission data because it requires the private key to open.

    Data submitted as encrypted form is showing up unencrypted on form that have multiple pages Image 1 Screenshot 20

    Please try adding also a Notification Email to your form, and check if the email being sent is encrypted or not.

    Hope this help. Let us know if you need further assistance.

  • jonathan
    Replied on September 24, 2015 at 8:00 PM

    I have investigated this further and I found out that there was issue with encrypted form submission view that have multiple pages. It seems that encryption is not properly applied on some data when the form have multiple pages (with page break field).

    Single page form doesn't exibit similar behavior glitch.

    Data submitted as encrypted form is showing up unencrypted on form that have multiple pages Image 1 Screenshot 20

     

    I have now reported this issue to our higher level support so that it can be investigated further and have the glitch fixed as soon as possible. 

    We will let you know here for any update on the status.

     

    Thanks.

  • imnresource
    Replied on September 25, 2015 at 10:25 AM

    Thank you for investigating this so quickly. I look forward to hearing the resolution, and meanwhile will try again with single page.

  • imnresource
    Replied on September 25, 2015 at 1:29 PM

    I am still having this issue even when I changed my form to a single page. Here is what I did:

    First I removed all page breaks from my form, making it into a single page form.

    In case this is relevant, I generated a new key before testing. (The old one is no longer in my downloads folder; I suspect my security software or browser deleted it.) I did this by going to "Preferences / advanced settings" for this form and changing "Encrypt Form Data" to "No", then logging out and back in. I again went to "Preferences / advanced settings" for this form and changed "Encrypt Form Data" to "Yes". I pressed the button for generating a new key and notepad opened up with the new key. This time I saved the key somewhere other than in my downloads folder.  At some point I also deleted yesterday's submission; I think I did that before I generated the new key.

    I tested my form by entering the direct link into my browser and filling in the form. The submit button had the little green lock next to it. When I moused over the submit button i got a message saying "This form is encrypted". When I clicked the submit button, the data was replaced with nonsense characters for about a second until the "thank you" page appeared. These nonsense characters did not appear during yesterday's tests, and their presence today made me suspect the encryption may be working.

    However, when I logged into https://www.jotform.com, selected my form, and clicked on submissions, I was not prompted for my key and the data I had just submitted was fully visible and unencrypted.

  • Ben
    Replied on September 25, 2015 at 2:42 PM

    While I understand the impression that your second test made on you, please note that your private key is saved for you when you first create it in your Browser. This is since it is expected that you will shortly afterwards go into the submissions panel to see your submissions.

    This is however very easy to check by simply going with a different browser into your account and checking the submissions. As soon as you do, you will see the difference.

    For example keep your current browser running and then try the same in the different browser.

  • imnresource
    Replied on September 25, 2015 at 4:27 PM

    I think Ben is right. After clearing my browsing history, the data on the single page form displayed as nonsense characters until I re-uploaded my key. (I didn't test with my second browser because it's too old to be of much use.) I guess the data was showing up unencrypted during my second test only because it had been successfully decrypted using my browser's retained key.

    I should mention that my browser seems to keep the key until I clear the browsing history, even if I log out and reboot my computer.  This is in conflict with the note on the upload dialog which implies the key will be kept only until I log out.  But that's a different issue and not a big concern for me.

    Like jonathan said, it seems like the encryption glitch applies only to multi-page forms.

  • Ben
    Replied on September 25, 2015 at 4:42 PM

    Yes, that is true, the issue is connected to multiple pages only - as per comments of our developer when Jonathan mentioned this - since he did a very detailed investigation on this :)

    Now in regards to the key, it should only stay in your browsers local storage until after you log out, as you have mentioned, so this would be a different issue, which if you experience again, please do let us know and we will raise it to our developers.

  • alp_deniz
    Replied on September 27, 2015 at 6:26 PM

    Hello,

    Multi-page encryption bug is now fixed. Thank you very much for letting us know.

    Regards

  • imnresource
    Replied on September 28, 2015 at 11:36 PM

    Looks good. Now when the popup wizard prompts for my private key on my multi-page form, I can see that the form data behind it is encrypted. Thank you for implementing this fix!

  • Chriistian Jotform Support
    Replied on September 29, 2015 at 4:42 AM

    Hi,

     

    On behalf of my colleagues, you are welcome. Feel free to contact us again if you have other questions/queries. We will be glad to help.

     

    Regards.