Encrypted Forms and How to Use Them

Last Update: June 30, 2016

You have most likely noticed our great new feature - Encrypted Forms and read about them on our blog: Introducing Encrypted Forms: The Ultimate in Online Form Security

If you are here, you are still looking for a bit more info and that is what this guide is for :)

We will go from start to finish, so if you are interested in some specific part, just scroll down to it :)

How to create Encrypted form?

To create a form, you should go to Preferences

Toolbar preferences

Now go to Advanced Settings



You can see a small option with No selected - if it is not encrypted already and with Yes, if it is. If it is not encrypted, let's change it to Yes, so that we start using the encrypted forms.

As soon as you do, you can see that little green lock show up on your forms - confirming that the form is now encrypted.

Now, you will get a new dialog that will ask you to add your own public key or to have one generated for you, so we will go through both options.



1. Generating the Private key for you

This is the recommended way if you are not sure how to create private and public keys since we will make both for you - remember they must be created properly for you to be able to utilize this powerful feature.

To have it done, just click on the button named: Create encryption keys for me



You will see it rotating a bit



and then you should be prompted to save the key



If you are not, do not worry, we have thought of that and that is why you can just click on the Download Private Key button and that is it.



Our recommendation is to save it in a place that is both easy to find for you and you can be sure that it will not be removed.

2. Uploading your own public key

So you are a pro at this and you already have your private and public key pair - great :)

All that you should do is to click on the I will provide the public key button



and then upload the public key that you already have.



As soon as you upload the key, it is added to your jotform account


How to use Encrypted form?

You use it just as you would any other form in your account and since there are so many ways to use a jotform, it is best to check out our embedding forms guides.

The only difference is that small lock at the submit button and that your data is now securely encoded before it is submitted, so do not worry about those strange characters that appear on the form just a moment before the form is submitted - it is just Podo, going through your data and making sure that they leave that browser in a secure - encrypted manner.


What if we can not find the private key after downloading the same?

On your Windows computer, it is most likely in the downloads folder, so all that you need to do to access it, is to type this into address bar:

%HOMEPATH%\Downloads

downloads folder

or click on Downloads on the left part of your Explorer

the key

If you are a Mac user, you can simply click here:

Mac - downloads


Are we notified of an encrypted submission?

Yes, you are, but not in the usual way. Instead you receive a notice stating that the submission is encrypted with a quick link to the submissions panel for the form under which the submission was made under.

It looks like this:




How do we decrypt the text in the submissions panel to see it?

If your forms are encrypted you will be asked to upload your private key



As soon as you do so, It will show the success message



Once you click on the x at the top right it will decrypt the text and show it up for you.

If you are not shown this, then your form is no longer encrypted - and that is why it is not asking you. What this means is that if you make some encrypted form as non encrypted, you will be able to open the submissions without being asked for the private key, while as soon as you turn the encryption on, it will start asking you for the private key.

So if it does not show - check the preferences and make sure that encryption is set to Yes :)


Does this mean that we can ask for passwords on our forms now?


No! This is still forbidden and will lead to account termination as per our terms of use.


If we use Encrypted form can we ask for credit card details without payment processor integrations?

No! This is still forbidden and will lead to account termination just as if you are collecting passwords, Social Security Numbers and similar, per our terms of use.


Can we share the private keys with others?

Yes, you can, but be mindful with whom you share the keys with, since once created your keys can not be changed.


Can we use this on free plan?

Yes, it is available for everyone - even for guest accounts, but please do note that if you are on a guest account, as soon as your session is terminated and a new guest account is made, you will need to have another key created.

This could lead to a lot of keys to care for, so what we suggest is to upload your current public key and use the current private key each time instead. The best way to resolve this however is to simply sign up for a free account and have more submissions per month (100) and avoid any possible issues with the keys ;)


Are keys created per form or per account?

The public and private key is created per account. You can clear your forms and your browser cache, change browsers and your public and private keys will always be the same.

This avoids the creation of multiple keys while it offers you a powerful feature in the same time.

It also means that you should keep your private key in a safe and secure place.


What is the difference between secure form and encrypted form?

The difference is that when you get the code for your secure form, you are getting the code (or link) for the form over HTTPS protocol. This means that there is a very strong encryption on it that creates a tunnel between our servers and the people filling out your jotforms.

As they submit the form, the form is also submitted over this same HTTPS (secure) protocol, so with just that, your forms are safe.

If you however send an email with the data clearly shown, it cancels the SSL - secure effect provided by the secure form.

Encrypted forms on the other hand will show the page over the plain protocol (HTTP), but will force the encryption to be made so that text can not be read by anyone other than you and anyone having your private key.


What happens with submissions if we lose the private key?

If you have lost the private key, then there is not much that you can do - it means that your encrypted data is lost forever, there is no copy of the same on our servers and it is not possible to crack the one that you had.

The only recommendation is to turn off encryption right away on each form so that you can start receiving the submissions - which you will be able to see (as the encryption is turned off), while you can leave the encrypted submissions in your Submissions Panel in case you find the key at some later point in time.


What should we do if we lost the key, but want to keep encryption?

If you lost the key, but want to have the forms receiving the data in encrypted manner the best thing to do is to contact us (simply leave the comment bellow) and we will see to have your public key removed manually - which will allow you to add a new pair of private and public keys to your account.

This however means that your old data will not be accessible to you any more - even if you find the private key you lost at some other time.


My browser opened a page with some text, instead of downloading the private key - what is that?

That is private key. Depending on your browser MIME setting you might have it set up to open the file in the browser, to download/save the file or to pass it on to some application on your computer.

For example Safari seems to show the file instead of saving it.

What to do in such cases? Just copy the content and paste it into some empty file and name it as you wish - just remember that you make it as such so that it is easy for you to find it and in a place you would not delete it from by accident.


Can we still accept payments on encrypted forms?

Yes, you can. The data that is being sent to payment processor you are using on your jotform will not get encrypted and as such will be passed to them for further handling.

So your selected packages, their individual prices and the total values will never be encrypted.


Can we turn off the encryption on our forms?

Yes. You can do that by going to Preferences



Then go to Advanced Settings and make sure to set the Encrypted Forms to No.





Is there any difference in speed if the Encryption is turned ON on our form?

The loading time of your forms should be the same, but once you hit submit, the form will after its usual validation of the inputted data also need to go through each field to encrypt it.

This means that some extra time will be added to the submission of your form, but this would only depend on the number of fields on your form and its complexity, so it will very likely take a bit of time on form with over 500 fields on it.


Are our submissions secure if we do not use the encryption feature on our form?

Your submissions are, as they had always been - secure. If you need any extra security we recommend using secure forms as they will cause the forms to be loaded over secure (encrypted tunnel) so that no one can sniff the data shown to the user, nor what they submit to back over your form.

Encryption is only here if you need that extra layer of security for your own business, and you are used to such options.

Please do note that if you are not familiar with the feature, or have not heard of the RSA algorithms, you are very likely to not need this feature at all for your form.


Can we use any integrations on encrypted forms?

Yes and no. While you can create the integration and send the data to it, please do note that (since the data is encrypted on the side of person submitting the form), the data that we get and hence can pass to your integrations are encrypted.
As such, you will not be able to use this data unless there is a way for you to decrypt the data as it is on the side of that integration. This might be possible on some services, but this is not something that we cover, and would need to check with the support of the same service.


What happens to uploaded files on encrypted forms?

They are left as they are - meaning that any file that gets submitted on your form (photo, document, etc) is left unchanged and will be passed as such to your integration, so no decryption or additional handling is required from you on them.


Important:

Some of the features that are not available for Encrypted Forms* are:
1. PDF Downloads,
2. Reports (this includes downloading Excel and CSV files from within Submission Panel),
3. Emails that contain form data in them.

* All server side gathered and processed data can only be retrieved in encrypted form because your private key is never sent to our servers.


Have any additional questions? Do ask us bellow in comments and we would be happy to answer them for you.


16 Comments...


   
rjviggia (July 24, 2015 at 02:38 PM)

Hi!

Quick question, if I'm creating forms for Patient Intake submissions; is the SSL security setting enough to protect the information or do I need to utilize this encryption option as well?

Thanks,

Rose

View Answer


   
atlspeech (July 25, 2015 at 03:11 PM)

This does not work for Safari. You may want to note that in the directions.

View Answer


   
jboltz_ihcda (August 10, 2015 at 05:20 PM)

Does this encrypt any files uploaded through the encrypted form?

View Answer


   
Bob Cibulskis (August 11, 2015 at 07:51 PM)

Need to start over on my encrypted form, please remove my keys!
Thanks..

View Answer


   
andreamparsons (October 09, 2015 at 02:00 PM)

I don't think I downloaded the correct file when asked to download my encryption key so my files are not decrypting. Would you please tell me how I can download the correct key. I can not seem to find a way.

View Answer


   
gromiric (February 08, 2016 at 11:16 AM)

I am trying to encrypt my forms for submission. When I hit the create encryption keys for me, it just keeps rotating and does not go to the "opening jotform key" screen. Why is it not generating a key?

View Answer


   
howard31 (April 15, 2016 at 03:49 AM)

Hi. I tried to turn off the encryption on my form in from the "Advanced" tab. Though it shows that the "No" option is selected, my form is still encripted.

View Answer


   
Miccharles (May 10, 2016 at 08:27 AM)

I encrypted my form but then decrypted it. I received one submission while my phone was decrypted but I don't know how to decrypt that submission so I can view the data. Can someone help me?

Thanks,
Michael C.

View Answer


   
ecaballerom (June 03, 2016 at 04:14 AM)

No quiero que salga este mensaje enviado por jotform.com al cliente que inscribe el formulario. Me pueden ayudar por favor. es en Gmail.

Noi SPA
responder a: elvis.caballero.m@gmail.com
para: elvis.caballero.m@gmail.com
fecha: 3 de junio de 2016, 04:06
asunto: Hemos recibido tu reserva en NOI SPA satisfactoriamente
enviado por: jotform.com
encriptación: jotservers.com no encriptó este mensaje Más información

View Answer


   
Coleen723 (June 05, 2016 at 08:20 AM)

Not sure what good this is if I still can't collect credit card info. And BTW - Re: What happens with submissions if we loose the private key?

It's LOSE not loose.

lose - verb
1. become unable to find (something or someone).

loose - adjective
1.not firmly or tightly fixed in place; detached or able to be detached.
"a loose tooth"

View Answer


   
RYLA5400 (July 15, 2016 at 04:20 PM)

I love the encrypted form capability. I ran into a problem while testing the encrypted form. After I filled out the form to verify everything is working, I pressed submit button and it changed to Please wait and then nothing else happened. I never got an email confirmation the form was accepted. Any ideas how I can figure out what I am doing wrong?

View Answer


   
davidwalloed (July 21, 2016 at 07:36 AM)

Please remove all keys from my account

View Answer


   
risingstarsyouth (July 30, 2016 at 05:10 PM)

Lost the keys for our account. Can you remove the existing keys? Thanks

View Answer


   
bacdeltaacademy (August 10, 2016 at 03:33 PM)

Hell, The submissions that were encrypted have all this weird text. I click on the submission, but there is nothing prompting for the key so that the text can be decrypted. What am I doing wrong.

Thanks

View Answer


   
mslw (August 15, 2016 at 08:36 AM)

Are we allowed to collect bank account details using encrypted forms? I mean IBAN and/or BIC/SWIFT codes, not credit card details. The terms of service don't say.

View Answer


   
pigglywigglymidwest (September 07, 2016 at 11:39 AM)

You may also want to note that you are unable to download the Encrypted submissions to Excel.

View Answer


Send Comment