Decrypt JotForm Post Data with PHP

  • Profile Image
    jgregoire
    Asked on November 08, 2016 at 03:53 PM

    Hello,

    I need to post our form to a php script and do some additonal processing on the data.  One of the fields is SSN, so we were told we have to encrypt the form. First off, is that accurate. If it's not, then the rest of this question is not necessary. 

    We are unable to decrypt the post data on our end. I have created a key pair and successfully encrypted and decrypted data with it. Then I add our public key to jotform and send the post data across, but it will not decrypt it. It won't event decrypt the data inside of jotform.

    So I then tried having jotform create the keys and then use the jotform private key to decrypt the post data, but I get the same result.  Do you have examples of how to decrypt the post data? Are you encoding the encrypted data before posting? Any help would be appreciated.

    Thanks!

  • Profile Image
    Mike
    Answered on November 08, 2016 at 09:08 PM

    Thank you for contacting us.

    Here is an answer from our developers from a similar thread:

    On encrypted forms, we're using the RSA algorithm which is the most widely-used public key cryptography algorithm in the world.  
     
    We don't have any chance to decrypt your data. Your private key is  generated on your own browser, and stored in your computer. It never reaches to our servers.
     
    You should create your own solution to decrypt the data on your end. Simply fetch the data with API, revert the base64 encoding to binary, and decrypt it with OpenSSL.
     
    Lets assume your data is in a file called "encrypted.field"
     
    ➜  cat encrypted.field
    vg89vZgwY3yu55W5j4wFnEQ6ugbg15MH0wq+gu8YXNJvBSiqvVgny+nQjXJEE4lS7LO2MLWn8qw1asnnH0LHfP/f/c9zajEmF4NSihk2P8cZ1U+WmmfiCdyU2UbkSjTl3boT+uYQvNo9mSsgSkga3MEbaHuCcTLuQcTwQBUo039L+gv7mMJxQoD3hHM6i1gQhONch/swWXJzqpV4iVYzboqMtWujo+l60L7C7cy4FiVUUHLhL62dNmT6vAaWaFG5Fh2NnPVwxqWYQhCniJ9qqzdOMYyjWD8uUDjXArNAuzXljaZThoxVURvmKz3xNb4z8kW9gJd2CPSO0PBcuwFJ2Q==
     
    ## Pipe base64 decoded data to OpenSSL in Decryption mode
     
    ➜  base64 -D encrypted.field | openssl rsautl -decrypt -inkey eee.key
    My super secret data!
     
    You can use PHP, NodeJS or any other programming languages to decrypt your data.
     
    ## Example in PHP
     
    class Decryption { public $privateKey = '{yourPrivateKey}'; public function decrypt($data) { if (openssl_private_decrypt(base64_decode($data), $decryptedData, $this->privateKey))
    return $decryptedData; return "Decryption failed!"; } }
    For more details, you can check the openssl_private_decrypt function in PHP Manual.
     

    If you need any further assistance, please let us know.

  • Profile Image
    jgregoire
    Answered on November 09, 2016 at 06:07 PM

    I got it working! Thanks!