Encrypted Forms and How to Use Them

Last Update: July 18, 2017

Caution: Preview Before Submit Widget will create a conflict with the encryption process and the data will not be encrypted. Please do not use this widget on your encrypted forms!



You have most likely noticed our great new feature - Encrypted Forms and read about them on our blog: Introducing Encrypted Forms: The Ultimate in Online Form Security

If you are here, you are still looking for a bit more info and that is what this guide is for :)

We will go from start to finish, so if you are interested in some specific part, just scroll down to it :)


Are our submissions secure if we do not use the encryption feature on our form?


Your submissions are, as they had always been - secure. If you need any extra security we recommend using secure forms as they will cause the forms to be loaded over secure (encrypted tunnel) so that no one can sniff the data shown to the user, nor what they submit to back over your form. It is actually a standard option at JotForm now, the forms are protected with HTTPS (secure) protocol by default.

Encryption is only here if you need that extra layer of security for your own business, and you are used to such options.

Please do note that if you are not familiar with the feature, or have not heard of the RSA algorithms, you are very likely to not need this feature at all for your form.


What is the difference between secure form and encrypted form?

When you get the code for your secure form, you are getting the code (or link) for the form over HTTPS protocol. This means that there is a very strong encryption on it that creates a tunnel between our servers and the people filling out your jotforms. As they submit the form, the form is also submitted over this same HTTPS (secure) protocol, so with just that, your forms are safe.

While the secure HTTPS protected forms encrypt the data in transfer, the encrypted form feature encrypt the stored data. There is no way to decrypt such stored data without a correct private key. For ultimate security, we do not store the private keys on our end when you use encrypted forms.


How to create Encrypted form?

Find it under Settings > Form Settings > Show More Options > Encrypt Form Data

 

You can see a small option with No selected - if it is not encrypted already and with Yes, if it is. If it is not encrypted, let's change it to Yes, so that we start using the encrypted forms.


As soon as you do, you can see that little green lock show up on your forms - confirming that the form is now encrypted.

Now, you will get a new dialog that will ask you to add your own public key or to have one generated for you, so we will go through both options.



1. Generating the Private key for you

This is the recommended way if you are not sure how to create private and public keys since we will make both for you - remember they must be created properly for you to be able to utilize this powerful feature.

To have it done, just click on the button named: Create encryption keys for me.



You will see it rotating a bit.



And then you should be prompted to save the key.



If you are not, do not worry, we have thought of that and that is why you can just click on the Download Private Key button and that is it.



Our recommendation is to save it in a place that is both easy to find for you and you can be sure that it will not be removed. This is an important step, since no one will be able to decrypt the data if the private key is lost.

2. Uploading your own public key

So you are a pro at this and you already have your private and public key pair - great :)

All that you should do is to click on the I will provide the public key button.



And then upload the public key that you already have.



As soon as you upload the public key, it is added to your account.


How to use Encrypted form?

You use it just as you would any other form in your account and since there are so many ways to use a jotform, it is best to check out our embedding forms guides.

The only difference is that small lock at the submit button and that your data is now securely encoded before it is submitted, so do not worry about those strange characters that appear on the form just a moment before the form is submitted - it is just Podo, going through your data and making sure that they leave that browser in a secure - encrypted manner.


What if we can not find the private key after downloading the same?

On your Windows computer, it is most likely in the downloads folder, so all that you need to do to access it, is to type this into address bar.

%HOMEPATH%\Downloads

downloads folder

Or click on Downloads on the left part of your Explorer.

the key

If you are a Mac user, check the Downloads folder.

Mac - downloads


Are we notified of an encrypted submission?

Yes, you are, but not in the usual way. Instead you receive a notice stating that the submission is encrypted with a quick link to the submissions panel for the form under which the submission was made under.

It looks like this:




How do we decrypt the text in the submissions panel to see it?

If your forms are encrypted you will be asked to upload your private key.



As soon as you do so, It will show the success message.



Once you click on the x at the top right it will decrypt the text and show it up for you.

If you are not shown this, then:

a) Your form is no longer encrypted - and that is why it is not asking you. What this means is that if you make some encrypted form as non encrypted, you will be able to open the submissions without being asked for the private key, while as soon as you turn the encryption on, it will start asking you for the private key. So if it does not show - check the preferences and make sure that encryption is set to Yes :)

b) If the encryption is enabled on form, but you are not being asked to upload the private key while the data is still not decrypted, it means that your browser has not matching private key file stored in a local browser storage. The solution is to clear the local browser storage (this is different from browser cookies) to delete the stored private key file from your browser. Once the local storage is cleared, you will be asked to upload the private key file again on the next submissions page visit.



Does this mean that we can ask for passwords on our forms now?


No! This is still forbidden and will lead to account termination as per our terms of use.


If we use Encrypted form can we ask for credit card details without payment processor integrations?

No! This is still forbidden and will lead to account termination just as if you are collecting passwords, Social Security Numbers and similar, per our terms of use.


Can we share the private keys with others?

Yes, you can.


Can we use this on free plan?

Yes, it is available for every account type.


Are keys created per form or per account?

In short, you can have keys on a per form basis. When you use the 'Create encryption keys for me'  option for the first time, we will generate the public and private keys for you. The public key will be stored at JotForm, and private key is downloaded by you.

Then, you can use the 'I will use my existing keys' option when enabling the form encryption on other forms to use the same keys. This is a recommended approach unless you need different keys on different forms.

If you use the 'Create encryption keys for me' again, it will create a new key pair for that particular form.

We do not store the private keys, it means that you should keep your private key(s) in a safe and secure place.


What happens with submissions if we lose the private key?

If you have lost the private key, then there is not much that you can do - it means that your encrypted data is lost forever, there is no copy of the same on our servers and it is not possible to crack the one that you had.

The only recommendation is to turn off encryption right away on each form so that you can start receiving the submissions - which you will be able to see (as the encryption is turned off), while you can leave the encrypted submissions in your Submissions Panel in case you find the key at some later point in time.

Note, if you can see decrypted data in some browser, but the key is lost, it may be possible to restore the key from a browser local storage. If this is the case, contact our support for instructions.


What should we do if we lost the key, but want to keep encryption?

It is possible to generate new keys on form by disabling the form encryption feature and then enabling it again. Use the 'Create encryption keys for me' option to generate new keys.

The new keys will not decrypt the old data.



My browser opened a page with some text, instead of downloading the private key - what is that?

That is private key. Depending on your browser MIME setting you might have it set up to open the file in the browser, to download/save the file or to pass it on to some application on your computer.

For example Safari seems to show the file instead of saving it.

What to do in such cases? Just copy the content and paste it into some empty file and name it as you wish - just remember that you make it as such so that it is easy for you to find it and in a place you would not delete it from by accident.


Can we still accept payments on encrypted forms?

Yes, you can. The data that is being sent to payment processor you are using on your jotform will not get encrypted and as such will be passed to them for further handling.

So your selected packages, their individual prices and the total values will never be encrypted.


Can we turn off the encryption on our forms?

Yes. Click on the Settings tab > Form Settings. There find the option Encrypt Form Data and set it to No.


Is there any difference in speed if the Encryption is turned ON on our form?

The loading time of your forms should be the same, but once you hit submit, the form will after its usual validation of the inputted data also need to go through each field to encrypt it.

This means that some extra time will be added to the submission of your form, but this would only depend on the number of fields on your form and its complexity, so it will very likely take a bit of time on form with over 500 fields on it.

The encrypted submission data may also take some additional time to load.

Can we use any integrations on encrypted forms?

Yes and no. While you can create the integration and send the data to it, please do note that (since the data is encrypted on the side of person submitting the form), the data that we get and hence can pass to your integrations are encrypted.
As such, you will not be able to use this data unless there is a way for you to decrypt the data as it is on the side of that integration. This might be possible on some services, but this is not something that we cover, and would need to check with the support of the same service.


What happens to uploaded files on encrypted forms?

They are left as they are - meaning that any file that gets submitted on your form (photo, document, etc) is left unchanged and will be passed as such to your integration, so no decryption or additional handling is required from you on them.


Important:

Some of the features that are not available for Encrypted Forms are:
1. PDF Downloads.
2. Reports (this includes downloading Excel and CSV files from within Submission Panel).
3. Emails:  Email notifications and Autoresponder (usually emailed to the form submitters), .

All server side, gathered and processed data, can not be retrieved in encrypted forms, because your private key is never sent to our servers.

Have any additional questions? Do ask us bellow in comments and we would be happy to answer them for you.


26 Comments...


   
rjviggia (July 24, 2015 at 02:38 PM)

Hi!

Quick question, if I'm creating forms for Patient Intake submissions; is the SSL security setting enough to protect the information or do I need to utilize this encryption option as well?

Thanks,

Rose

View Answer


   
atlspeech (July 25, 2015 at 03:11 PM)

This does not work for Safari. You may want to note that in the directions.

View Answer


   
jboltz_ihcda (August 10, 2015 at 05:20 PM)

Does this encrypt any files uploaded through the encrypted form?

View Answer


   
Bob Cibulskis (August 11, 2015 at 07:51 PM)

Need to start over on my encrypted form, please remove my keys!
Thanks..

View Answer


   
andreamparsons (October 09, 2015 at 02:00 PM)

I don't think I downloaded the correct file when asked to download my encryption key so my files are not decrypting. Would you please tell me how I can download the correct key. I can not seem to find a way.

View Answer


   
gromiric (February 08, 2016 at 11:16 AM)

I am trying to encrypt my forms for submission. When I hit the create encryption keys for me, it just keeps rotating and does not go to the "opening jotform key" screen. Why is it not generating a key?

View Answer


   
howard31 (April 15, 2016 at 03:49 AM)

Hi. I tried to turn off the encryption on my form in from the "Advanced" tab. Though it shows that the "No" option is selected, my form is still encripted.

View Answer


   
Miccharles (May 10, 2016 at 08:27 AM)

I encrypted my form but then decrypted it. I received one submission while my phone was decrypted but I don't know how to decrypt that submission so I can view the data. Can someone help me?

Thanks,
Michael C.

View Answer


   
ecaballerom (June 03, 2016 at 04:14 AM)

No quiero que salga este mensaje enviado por jotform.com al cliente que inscribe el formulario. Me pueden ayudar por favor. es en Gmail.

Noi SPA
responder a: elvis.caballero.m@gmail.com
para: elvis.caballero.m@gmail.com
fecha: 3 de junio de 2016, 04:06
asunto: Hemos recibido tu reserva en NOI SPA satisfactoriamente
enviado por: jotform.com
encriptación: jotservers.com no encriptó este mensaje Más información

View Answer


   
Coleen723 (June 05, 2016 at 08:20 AM)

Not sure what good this is if I still can't collect credit card info. And BTW - Re: What happens with submissions if we loose the private key?

It's LOSE not loose.

lose - verb
1. become unable to find (something or someone).

loose - adjective
1.not firmly or tightly fixed in place; detached or able to be detached.
"a loose tooth"

View Answer


   
RYLA5400 (July 15, 2016 at 04:20 PM)

I love the encrypted form capability. I ran into a problem while testing the encrypted form. After I filled out the form to verify everything is working, I pressed submit button and it changed to Please wait and then nothing else happened. I never got an email confirmation the form was accepted. Any ideas how I can figure out what I am doing wrong?

View Answer


   
davidwalloed (July 21, 2016 at 07:36 AM)

Please remove all keys from my account

View Answer


   
risingstarsyouth (July 30, 2016 at 05:10 PM)

Lost the keys for our account. Can you remove the existing keys? Thanks

View Answer


   
bacdeltaacademy (August 10, 2016 at 03:33 PM)

Hell, The submissions that were encrypted have all this weird text. I click on the submission, but there is nothing prompting for the key so that the text can be decrypted. What am I doing wrong.

Thanks

View Answer


   
mslw (August 15, 2016 at 08:36 AM)

Are we allowed to collect bank account details using encrypted forms? I mean IBAN and/or BIC/SWIFT codes, not credit card details. The terms of service don't say.

View Answer


   
pigglywigglymidwest (September 07, 2016 at 11:39 AM)

You may also want to note that you are unable to download the Encrypted submissions to Excel.

View Answer


   
Julie Gaudiosi (November 16, 2016 at 03:44 PM)

I am having issues with my encryption key.

Can we delete it and get a new one? If you lost the key, but want to have the forms receiving the data in encrypted manner the best thing to do is to contact us (simply leave the comment bellow) and we will see to have your public key removed manually - which will allow you to add a new pair of private and public keys to your account.

This however means that your old data will not be accessible to you any more - even if you find the private key you lost at some other time.

View Answer


   
ypuclub (November 23, 2016 at 03:54 PM)

HTML Tables do not work for depicting unencrypted data either. Like this it is very difficult to further process our finding. Please enlighten me on how to export the successfully unencrypted data!

View Answer


   
EKFEAT (March 22, 2017 at 03:57 PM)

Need my public key removed so I can regenerate a new key pair. Thank you.

View Answer


   
V2 (April 02, 2017 at 02:56 PM)

Where do you upload the key to?

I have received a submission on an encrypted form. I have downloaded the key. But I am unable to see how to use the key and view the form.

Many thanks,

View Answer


   
yeardley (April 04, 2017 at 05:25 AM)

Hi, What level of encryption is this?

Thanks, David

View Answer


   
mkapust (April 11, 2017 at 11:14 AM)

I'm on a Mac, and when I downloaded they private key it opened the text in my browser. How should I save the key?

View Answer


   
humex (May 17, 2017 at 04:34 AM)

I don't found anywhere the encryption key in my computer. Couldd you delete it? Thanks

View Answer


   
COVAIntern (June 15, 2017 at 11:49 AM)

I am in need of a new key, the old one is no longer accessible. Thank you

View Answer


   
simplyencrypt (July 05, 2017 at 05:27 AM)

Nice Blog!! . I Have Also CreateMy Own Blog Related To Encrypt In Computer Plz Visit text encryption


   
MariBiz (July 15, 2017 at 02:13 PM)

Please clarify for me.

1. The only way to view encrypted form submissions is in your browser using the JotForm console at https://www.jotform.com/submissions/###

2. There is no way to download all encrypted forms (or data), then decrypt to view/access on your local computer.

3. There is no way to print the grid of responses found at https://www.jotform.com/submissions/###

Thanks

View Answer


Send Comment