Browse Article by Topicsencrypted form security encryption safe form
Related Forum Questions
- Paypal's security upgrade to effect JotForm payments?
- I cannot open the encryption key you sent us
- Web browser keeps loosing the SSL key
- Encryption and Attachments
- How do I use the encryption key to open encrypted submissions?
- Are you planning to add more features?
- Where do I find/download my encryption key
- Unencrypting form submissions
- Make the submission received have statically spaced and sized responses.
Encrypted Forms and How to Use ThemLast Update: June 30, 2016
You have most likely noticed our great new feature - Encrypted Forms and read about them on our blog: Introducing Encrypted Forms: The Ultimate in Online Form Security
If you are here, you are still looking for a bit more info and that is what this guide is for :)
We will go from start to finish, so if you are interested in some specific part, just scroll down to it :)
How to create Encrypted form?
To create a form, you should go to Preferences
Now go to Advanced Settings
You can see a small option with No selected - if it is not encrypted already and with Yes, if it is. If it is not encrypted, let's change it to Yes, so that we start using the encrypted forms.
As soon as you do, you can see that little green lock show up on your forms - confirming that the form is now encrypted.
Now, you will get a new dialog that will ask you to add your own public key or to have one generated for you, so we will go through both options.
1. Generating the Private key for you
This is the recommended way if you are not sure how to create private and public keys since we will make both for you - remember they must be created properly for you to be able to utilize this powerful feature.
To have it done, just click on the button named: Create encryption keys for me
You will see it rotating a bit
and then you should be prompted to save the key
If you are not, do not worry, we have thought of that and that is why you can just click on the Download Private Key button and that is it.
Our recommendation is to save it in a place that is both easy to find for you and you can be sure that it will not be removed.
2. Uploading your own public key
So you are a pro at this and you already have your private and public key pair - great :)
All that you should do is to click on the I will provide the public key button
and then upload the public key that you already have.
As soon as you upload the key, it is added to your jotform account
How to use Encrypted form?
You use it just as you would any other form in your account and since there are so many ways to use a jotform, it is best to check out our embedding forms guides.
The only difference is that small lock at the submit button and that your data is now securely encoded before it is submitted, so do not worry about those strange characters that appear on the form just a moment before the form is submitted - it is just Podo, going through your data and making sure that they leave that browser in a secure - encrypted manner.
What if we can not find the private key after downloading the same?
On your Windows computer, it is most likely in the downloads folder, so all that you need to do to access it, is to type this into address bar:
or click on Downloads on the left part of your Explorer
If you are a Mac user, you can simply click here:
Are we notified of an encrypted submission?
Yes, you are, but not in the usual way. Instead you receive a notice stating that the submission is encrypted with a quick link to the submissions panel for the form under which the submission was made under.
It looks like this:
How do we decrypt the text in the submissions panel to see it?
If your forms are encrypted you will be asked to upload your private key
As soon as you do so, It will show the success message
Once you click on the x at the top right it will decrypt the text and show it up for you.
If you are not shown this, then your form is no longer encrypted - and that is why it is not asking you. What this means is that if you make some encrypted form as non encrypted, you will be able to open the submissions without being asked for the private key, while as soon as you turn the encryption on, it will start asking you for the private key.
So if it does not show - check the preferences and make sure that encryption is set to Yes :)
Does this mean that we can ask for passwords on our forms now?
If we use Encrypted form can we ask for credit card details without payment processor integrations?
Can we share the private keys with others?
Yes, you can, but be mindful with whom you share the keys with, since once created your keys can not be changed.
Can we use this on free plan?
Yes, it is available for everyone - even for guest accounts, but please do note that if you are on a guest account, as soon as your session is terminated and a new guest account is made, you will need to have another key created.
This could lead to a lot of keys to care for, so what we suggest is to upload your current public key and use the current private key each time instead. The best way to resolve this however is to simply sign up for a free account and have more submissions per month (100) and avoid any possible issues with the keys ;)
Are keys created per form or per account?
The public and private key is created per account. You can clear your forms and your browser cache, change browsers and your public and private keys will always be the same.
This avoids the creation of multiple keys while it offers you a powerful feature in the same time.
It also means that you should keep your private key in a safe and secure place.
What is the difference between secure form and encrypted form?
The difference is that when you get the code for your secure form, you are getting the code (or link) for the form over HTTPS protocol. This means that there is a very strong encryption on it that creates a tunnel between our servers and the people filling out your jotforms.
As they submit the form, the form is also submitted over this same HTTPS (secure) protocol, so with just that, your forms are safe.
If you however send an email with the data clearly shown, it cancels the SSL - secure effect provided by the secure form.
Encrypted forms on the other hand will show the page over the plain protocol (HTTP), but will force the encryption to be made so that text can not be read by anyone other than you and anyone having your private key.
What happens with submissions if we lose the private key?
If you have lost the private key, then there is not much that you can do - it means that your encrypted data is lost forever, there is no copy of the same on our servers and it is not possible to crack the one that you had.
The only recommendation is to turn off encryption right away on each form so that you can start receiving the submissions - which you will be able to see (as the encryption is turned off), while you can leave the encrypted submissions in your Submissions Panel in case you find the key at some later point in time.
What should we do if we lost the key, but want to keep encryption?
If you lost the key, but want to have the forms receiving the data in encrypted manner the best thing to do is to contact us (simply leave the comment bellow) and we will see to have your public key removed manually - which will allow you to add a new pair of private and public keys to your account.
This however means that your old data will not be accessible to you any more - even if you find the private key you lost at some other time.
My browser opened a page with some text, instead of downloading the private key - what is that?
That is private key. Depending on your browser MIME setting you might have it set up to open the file in the browser, to download/save the file or to pass it on to some application on your computer.
For example Safari seems to show the file instead of saving it.
What to do in such cases? Just copy the content and paste it into some empty file and name it as you wish - just remember that you make it as such so that it is easy for you to find it and in a place you would not delete it from by accident.
Can we still accept payments on encrypted forms?
Yes, you can. The data that is being sent to payment processor you are using on your jotform will not get encrypted and as such will be passed to them for further handling.
So your selected packages, their individual prices and the total values will never be encrypted.
Can we turn off the encryption on our forms?
Yes. You can do that by going to Preferences
Then go to Advanced Settings and make sure to set the Encrypted Forms to No.
Is there any difference in speed if the Encryption is turned ON on our form?
The loading time of your forms should be the same, but once you hit submit, the form will after its usual validation of the inputted data also need to go through each field to encrypt it.
This means that some extra time will be added to the submission of your form, but this would only depend on the number of fields on your form and its complexity, so it will very likely take a bit of time on form with over 500 fields on it.
Are our submissions secure if we do not use the encryption feature on our form?
Your submissions are, as they had always been - secure. If you need any extra security we recommend using secure forms as they will cause the forms to be loaded over secure (encrypted tunnel) so that no one can sniff the data shown to the user, nor what they submit to back over your form.
Encryption is only here if you need that extra layer of security for your own business, and you are used to such options.
Please do note that if you are not familiar with the feature, or have not heard of the RSA algorithms, you are very likely to not need this feature at all for your form.
Can we use any integrations on encrypted forms?
Yes and no. While you can create the integration and send the data to it, please do note that (since the data is encrypted on the side of person submitting the form), the data that we get and hence can pass to your integrations are encrypted.
As such, you will not be able to use this data unless there is a way for you to decrypt the data as it is on the side of that integration. This might be possible on some services, but this is not something that we cover, and would need to check with the support of the same service.
What happens to uploaded files on encrypted forms?
They are left as they are - meaning that any file that gets submitted on your form (photo, document, etc) is left unchanged and will be passed as such to your integration, so no decryption or additional handling is required from you on them.
1. PDF Downloads,
2. Reports (this includes downloading Excel and CSV files from within Submission Panel),
3. Emails that contain form data in them.
* All server side gathered and processed data can only be retrieved in encrypted form because your private key is never sent to our servers.
Have any additional questions? Do ask us bellow in comments and we would be happy to answer them for you.