Decrypt JotForm Post Data with PHP

  • jgregoire
    Asked on November 8, 2016 at 3:53 PM

    Hello,

    I need to post our form to a php script and do some additonal processing on the data.  One of the fields is SSN, so we were told we have to encrypt the form. First off, is that accurate. If it's not, then the rest of this question is not necessary. 

    We are unable to decrypt the post data on our end. I have created a key pair and successfully encrypted and decrypted data with it. Then I add our public key to jotform and send the post data across, but it will not decrypt it. It won't event decrypt the data inside of jotform.

    So I then tried having jotform create the keys and then use the jotform private key to decrypt the post data, but I get the same result.  Do you have examples of how to decrypt the post data? Are you encoding the encrypted data before posting? Any help would be appreciated.

    Thanks!

  • Mike
    Replied on November 8, 2016 at 9:08 PM

    Thank you for contacting us.

    Here is an answer from our developers from a similar thread:

    On encrypted forms, we're using the RSA algorithm which is the most widely-used public key cryptography algorithm in the world.  
     
    We don't have any chance to decrypt your data. Your private key is  generated on your own browser, and stored in your computer. It never reaches to our servers.
     
    You should create your own solution to decrypt the data on your end. Simply fetch the data with API, revert the base64 encoding to binary, and decrypt it with OpenSSL.
     
    Lets assume your data is in a file called "encrypted.field"
     
    ➜  cat encrypted.field
    vg89vZgwY3yu55W5j4wFnEQ6ugbg15MH0wq+gu8YXNJvBSiqvVgny+nQjXJEE4lS7LO2MLWn8qw1asnnH0LHfP/f/c9zajEmF4NSihk2P8cZ1U+WmmfiCdyU2UbkSjTl3boT+uYQvNo9mSsgSkga3MEbaHuCcTLuQcTwQBUo039L+gv7mMJxQoD3hHM6i1gQhONch/swWXJzqpV4iVYzboqMtWujo+l60L7C7cy4FiVUUHLhL62dNmT6vAaWaFG5Fh2NnPVwxqWYQhCniJ9qqzdOMYyjWD8uUDjXArNAuzXljaZThoxVURvmKz3xNb4z8kW9gJd2CPSO0PBcuwFJ2Q==
     
    ## Pipe base64 decoded data to OpenSSL in Decryption mode
     
    ➜  base64 -D encrypted.field | openssl rsautl -decrypt -inkey eee.key
    My super secret data!
     
    You can use PHP, NodeJS or any other programming languages to decrypt your data.
     
    ## Example in PHP
     
    class Decryption { public $privateKey = '{yourPrivateKey}'; public function decrypt($data) { if (openssl_private_decrypt(base64_decode($data), $decryptedData, $this->privateKey))
    return $decryptedData; return "Decryption failed!"; } }
    For more details, you can check the openssl_private_decrypt function in PHP Manual.
     
    http://us.php.net/manual/en/function.openssl-private-decrypt.php

    If you need any further assistance, please let us know.

  • jgregoire
    Replied on November 9, 2016 at 6:07 PM

    I got it working! Thanks!