Encrypted Forms and How to Use Them

Last Update: August 11, 2017

CAUTION: The Preview Before Submit Widget will create a conflict with the encryption process and the data will not be encrypted. Please do not use this widget on your encrypted forms!


An Encrypted Form offers another layer of security on top of the already secured forms and submissions we offer. You may have read about this on our blog, Introducing Encrypted Forms: The Ultimate in Online Form Security.

If you're here, then you're probably looking for more info. Be warned that this is way longer than our usual guides so below is a quick list of all the questions answered here so you can quickly jump to the questions that matter to you.


Q1: Are forms and submissions secure without the encryption feature enabled?

Q2: What is the difference between a secure form and an encrypted form?

Q3: How can I enable Form Encryption?

Q4: How to use an Encrypted Form?

Q5: Where can I find the private key after downloading it?

Q6: Am I notified via email when an encrypted submission comes in?

Q7: How can I decrypt the data from the Email or through the Submissions Page?

Q8: Does this mean that I can now ask for passwords and user credentials?

Q9: Can I now ask for credit card details without a payment processor?

Q10: Can I share the private key with others?

Q11: Can I use this even on the Free Plan?

Q12: Are keys created per form or per account?

Q13: What will happen if I lose the private key?

Q14: What should I do if I lost the key but wanted to keep encryption enabled?

Q15: My browser opened some texts instead of downloading the key - What is that?

Q16: Can I still accept payments on encrypted forms?

Q17: How can I turn off the encryption on my form?

Q18: Is there any difference in speed if encryption is turned ON?

Q19: Can I use any integration on encrypted forms?

Q20: What happens to uploaded files on encrypted forms?


Q1: Are Forms and Submissions Secure Without the Encryption Feature Enabled? | TOP ↑

Your forms and submissions are, as they have always been, secure. If you need an extra level of security we recommend using the secured URL of your forms as they will cause the forms to be loaded over a secured (encrypted tunnel). Remember, your form URL comes in two varieties:

HTTP URLhttp://www.jotform.com/1234567890

HTTPS URLhttps://www.jotform.com/1234567890

All forms you create now use the SSL (https) version by default. So yes, your forms and submissions are secure even without encryption.

Note that if you are not familiar with the feature, or have not heard of RSA algorithms, then you'll most likely not need this feature at all.

Q2: What Is the Difference Between a Secure Form and an Encrypted Form? | TOP ↑

When you get the embed codes (or the URL) of your secure form, it will use the HTTPS protocol. This means that there's a strong encryption that creates a tunnel between our servers and the people filling out your forms. As they submit the form, the form is also submitted over this same HTTPS (secure) protocol, so with just that, your forms are safe.

While a secure HTTPS form encrypts data in transfer, an encrypted form encrypts the stored data on top of that. There is no way to decrypt the stored submission data without the correct private key (more on this later). For ultimate security, we do not store the private keys on our end when you use encrypted forms.

Q3: How Can I Enable Form Encryption? | TOP ↑

On your Form Builder, go to SETTINGS > FORM SETTINGS > SHOW MORE OPTIONS > then toggle the ENCRYPT FORM DATA option to YES.

As soon as you toggle it to YES, you will get a modal popup (shown below) that will ask you to add your own public key or to have one generated for you, so we will go through both options.

1. Generating the Private key for you

This is the recommended way if you're not sure how to create private and public keys since we will make them both for you - Remember, they must be created properly for you to be able to utilize this powerful feature.

To get it done, just click the CREATE ENCRYPTION KEYS FOR ME button.

You will see it rotating a bit.

And then, you will be prompted to save the key.

If you're not prompted to download it, don't worry because we got that covered. You can just click on the DOWNLOAD PRIVATE KEY button and that's it.

Our recommendation is to save it in a place that is both easy to find and you can be sure that it will not be removed. This is an important step, since no one will be able to decrypt the data if the private key is lost.

2. Uploading your own public key

So, you are a pro at this and would like to generate the private and public key pair yourself - Great! 😉

Example:

Within your terminal (Unix-based OS) run the next command to generate a private key file.

openssl genrsa -out rsa_2048_private.pem 2048

Then run the next command to generate a public key file.

openssl rsa -pubout -in rsa_2048_private.pem -out rsa_2048_public.pem

Finally, upload generated rsa_2048_public.pem key file to JotForm.

As soon as you upload the public key, it is added to your account.

Q4: How to Use an Encrypted Form? | TOP ↑

You use it just as you would any other form in your account. The only visual difference is a small green lock icon beside the submit button. Also, your data is now securely encoded before it is submitted, so do not worry about those strange characters that appear on the form just a moment before the form is submitted - It's just Podo, going through your data and making sure that they leave that browser in a secure, encrypted way.

Q5: Where Can I Find the Private Key After Downloading It? | TOP ↑

On a Windows PC, it's most likely in the Downloads Folder. So all you need to do to access it is to either type this into the File Explorer's address bar:

%HOMEPATH%\Downloads

Or click the Downloads Folder on the left nav of the File Explorer:

If you're a Mac user, check the Downloads Folder:

Q6: Am I Notified via Email When an Encrypted Submission Comes In? | TOP ↑

Yes, you are, but not in the usual way. Instead of seeing the actual submission data, you will receive an email stating that YOU RECEIVED AN ENCRYPTED RESPONSE. It looks like this:

Q7: How Can I Decrypt the Data from the Email or Through the Submissions Page? | TOP ↑

When you try to view an encrypted submission, you will be asked to upload your private key. This is where you will use the private key you downloaded earlier.

As soon as you're done uploading it, it will show a success message.

Once you click on the X at the top right corner of the modal popup, it will decrypt the data.

If you're not seeing any modal popup when trying to view an encrypted submission, this could only mean two things:

1. Your form is no longer encrypted that's why it is not asking you to upload a key. What this means is that if you make some encrypted form as non encrypted, you will be able to open the submissions without being asked for the private key, while as soon as you turn the encryption on, it will start asking you for the private key. So, if it doesn't show up, scroll back up to Q3 above and ensure that ENCRYPT FORM DATA is set to YES.

2. If encryption is enabled but, you are not being prompted to upload your private key, this means that an incorrect private key file is stored on your browser's Local Storage. The solution is to clear the local browser storage (this is different from browser cookies) to delete the stored private key file from your browser. Once the local storage is cleared, you will be asked to upload the private key file again on your next attempt.

Q8: Does This Mean That I Can Now Ask for Passwords and User Credentials? | TOP ↑

No, this is still forbidden and will lead to account termination as per our Terms of Use.

Q9: Can I Now Ask for Credit Card Details Without a Payment Processor? | TOP ↑

No, this is also forbidden and will lead to account termination. User credentials, credit card details and other sensitive information are not allowed to be collected on JotForm. If you need to process payments, use any of our Payment Processors.

Q10: Can I Share the Private Key with Others? | TOP ↑

Sure you can but ideally, you shouldn't (unless you trust whom you're sharing it with). Your goal with encryption is total security so, sharing the key is upon your discretion.

Q11: Can I Use This Even on the Free Plan? | TOP ↑

Yes, of course! 😊

Q12: Are Keys Created per Form or per Account? | TOP ↑

You can have keys on a per form basis. When you choose the CREATE ENCRYPTION KEYS FOR ME option for the first time, we will generate the public and private key pair for you. The public key will be stored at JotForm and the private key will be downloaded by you.

You can choose the I WILL USE MY EXISTING KEYS option when enabling encryption on other forms if you prefer to use the same key. This is the recommended approach unless you need different keys for different forms.

And, if you choose the CREATE ENCRYPTION KEYS FOR ME option again, it will create a new key pair for that particular form.

Remember, we do not store the private keys, it means that you should keep all your private key(s) in a safe and secure place.

Q13: What Will Happen If I Lose the Private Key? | TOP ↑

If you have lost the private key, then there is not much that you can do. It means that your encrypted data is lost forever, there is no copy of the same on our servers and it is not possible to crack the one that you had.

Our only recommendation is to turn off encryption right away so you can start receiving submissions normally again. Leave the encrypted submission data on your Submissions Page just in case you find the key at some later point in time.

Note that if you can see decrypted data in some browser, but the key is lost, it may be possible to restore the key from that browser's local storage. If this is the case, contact our support for instructions.

Q14: What Should I Do If I Lost the Key but Wanted to Keep Encryption Enabled? | TOP ↑

It is possible to generate new keys by disabling the encryption feature and then enabling it again. Use the CREATE ENCRYPTION KEYS FOR ME option to generate a new key.

In case you're wondering, no, the new keys will not decrypt the old data.

Q15: My browser opened some texts instead of downloading the key - What is that? | TOP ↑

That is the private key. Depending on your browser's MIME setting you might have it set up to open the file in the browser, to download/save the file, or to pass it on to some application on your computer.

For example, Safari seems to show the file instead of offering a download.

What to do in such cases? Just copy the content and paste it into some empty file and name it as you wish. Just remember to save it in a safe place and never lose it.

Q16: Can I Still Accept Payments on Encrypted Forms? | TOP ↑

Yes, you can. The data sent to the payment processor you are using will not be encrypted for further handling. This way, your products/subscriptions/donations, their individual prices, and the total values will never be encrypted.

Q17: How Can I Turn off the Encryption on My Form? | TOP ↑

On your Form Builder, go to SETTINGS > FORM SETTINGS > SHOW MORE OPTIONS > then toggle the ENCRYPT FORM DATA option to NO.

Q18: Is There Any Difference in Speed If Encryption Is Turned On? | TOP ↑

The loading time of your forms should be the same, but once you hit submit, the form will need to go through each field to encrypt it.

This means that some extra time will be added to the submission of your form, but this would only depend on the number of fields on your form and its complexity, so it will very likely take a bit of time on a form with over 500 fields in it. The encrypted submission data may also take some additional time to load.

Q19: Can I Use Any Integration on Encrypted Forms? | TOP ↑

Yes and no. While you can create the integration and send the data to it, please note that the data is encrypted on the side of the user submitting the form. Therefore, the same encrypted data will be be passed to your integrations.

As such, the data itself is rather useless on the integration end since you will not be able to use it, unless, you have a way to decrypt the data on the side of that integration. This may be possible using some services, but this is not something we cover.

Q20: What Happens to Uploaded Files on Encrypted Forms? | TOP ↑

They are handled as is, meaning that any file that gets submitted to your form (a photo, document, etc.) is left unchanged and will be passed as is. No decryption or additional handling is required to access or view them.

IMPORTANT:

Some of the features that are not available for Encrypted Forms are:

1. PDF Downloads.

2. Reports (this includes downloading Excel and CSV files from within the Submissions Page).

3. Emails: Email Notifications and Autoresponder (usually emailed to the form submitters).

All server side gathered and processed data, can not be retrieved in encrypted forms because your private key is never sent to our servers.

Comments and suggestions are welcome below. If you have a question, post it in our Support Forum so we can assist you.


26 Comments...


   
rjviggia (July 24, 2015 at 02:38 PM)

Hi!

Quick question, if I'm creating forms for Patient Intake submissions; is the SSL security setting enough to protect the information or do I need to utilize this encryption option as well?

Thanks,

Rose

View Answer


   
atlspeech (July 25, 2015 at 03:11 PM)

This does not work for Safari. You may want to note that in the directions.

View Answer


   
jboltz_ihcda (August 10, 2015 at 05:20 PM)

Does this encrypt any files uploaded through the encrypted form?

View Answer


   
Bob Cibulskis (August 11, 2015 at 07:51 PM)

Need to start over on my encrypted form, please remove my keys!
Thanks..

View Answer


   
andreamparsons (October 09, 2015 at 02:00 PM)

I don't think I downloaded the correct file when asked to download my encryption key so my files are not decrypting. Would you please tell me how I can download the correct key. I can not seem to find a way.

View Answer


   
gromiric (February 08, 2016 at 11:16 AM)

I am trying to encrypt my forms for submission. When I hit the create encryption keys for me, it just keeps rotating and does not go to the "opening jotform key" screen. Why is it not generating a key?

View Answer


   
howard31 (April 15, 2016 at 03:49 AM)

Hi. I tried to turn off the encryption on my form in from the "Advanced" tab. Though it shows that the "No" option is selected, my form is still encripted.

View Answer


   
Miccharles (May 10, 2016 at 08:27 AM)

I encrypted my form but then decrypted it. I received one submission while my phone was decrypted but I don't know how to decrypt that submission so I can view the data. Can someone help me?

Thanks,
Michael C.

View Answer


   
ecaballerom (June 03, 2016 at 04:14 AM)

No quiero que salga este mensaje enviado por jotform.com al cliente que inscribe el formulario. Me pueden ayudar por favor. es en Gmail.

Noi SPA
responder a: elvis.caballero.m@gmail.com
para: elvis.caballero.m@gmail.com
fecha: 3 de junio de 2016, 04:06
asunto: Hemos recibido tu reserva en NOI SPA satisfactoriamente
enviado por: jotform.com
encriptación: jotservers.com no encriptó este mensaje Más información

View Answer


   
Coleen723 (June 05, 2016 at 08:20 AM)

Not sure what good this is if I still can't collect credit card info. And BTW - Re: What happens with submissions if we loose the private key?

It's LOSE not loose.

lose - verb
1. become unable to find (something or someone).

loose - adjective
1.not firmly or tightly fixed in place; detached or able to be detached.
"a loose tooth"

View Answer


   
RYLA5400 (July 15, 2016 at 04:20 PM)

I love the encrypted form capability. I ran into a problem while testing the encrypted form. After I filled out the form to verify everything is working, I pressed submit button and it changed to Please wait and then nothing else happened. I never got an email confirmation the form was accepted. Any ideas how I can figure out what I am doing wrong?

View Answer


   
davidwalloed (July 21, 2016 at 07:36 AM)

Please remove all keys from my account

View Answer


   
risingstarsyouth (July 30, 2016 at 05:10 PM)

Lost the keys for our account. Can you remove the existing keys? Thanks

View Answer


   
bacdeltaacademy (August 10, 2016 at 03:33 PM)

Hell, The submissions that were encrypted have all this weird text. I click on the submission, but there is nothing prompting for the key so that the text can be decrypted. What am I doing wrong.

Thanks

View Answer


   
mslw (August 15, 2016 at 08:36 AM)

Are we allowed to collect bank account details using encrypted forms? I mean IBAN and/or BIC/SWIFT codes, not credit card details. The terms of service don't say.

View Answer


   
pigglywigglymidwest (September 07, 2016 at 11:39 AM)

You may also want to note that you are unable to download the Encrypted submissions to Excel.

View Answer


   
Julie Gaudiosi (November 16, 2016 at 03:44 PM)

I am having issues with my encryption key.

Can we delete it and get a new one? If you lost the key, but want to have the forms receiving the data in encrypted manner the best thing to do is to contact us (simply leave the comment bellow) and we will see to have your public key removed manually - which will allow you to add a new pair of private and public keys to your account.

This however means that your old data will not be accessible to you any more - even if you find the private key you lost at some other time.

View Answer


   
ypuclub (November 23, 2016 at 03:54 PM)

HTML Tables do not work for depicting unencrypted data either. Like this it is very difficult to further process our finding. Please enlighten me on how to export the successfully unencrypted data!

View Answer


   
EKFEAT (March 22, 2017 at 03:57 PM)

Need my public key removed so I can regenerate a new key pair. Thank you.

View Answer


   
V2 (April 02, 2017 at 02:56 PM)

Where do you upload the key to?

I have received a submission on an encrypted form. I have downloaded the key. But I am unable to see how to use the key and view the form.

Many thanks,

View Answer


   
yeardley (April 04, 2017 at 05:25 AM)

Hi, What level of encryption is this?

Thanks, David

View Answer


   
mkapust (April 11, 2017 at 11:14 AM)

I'm on a Mac, and when I downloaded they private key it opened the text in my browser. How should I save the key?

View Answer


   
humex (May 17, 2017 at 04:34 AM)

I don't found anywhere the encryption key in my computer. Couldd you delete it? Thanks

View Answer


   
COVAIntern (June 15, 2017 at 11:49 AM)

I am in need of a new key, the old one is no longer accessible. Thank you

View Answer


   
simplyencrypt (July 05, 2017 at 05:27 AM)

Nice Blog!! . I Have Also CreateMy Own Blog Related To Encrypt In Computer Plz Visit text encryption


   
MariBiz (July 15, 2017 at 02:13 PM)

Please clarify for me.

1. The only way to view encrypted form submissions is in your browser using the JotForm console at https://www.jotform.com/submissions/###

2. There is no way to download all encrypted forms (or data), then decrypt to view/access on your local computer.

3. There is no way to print the grid of responses found at https://www.jotform.com/submissions/###

Thanks

View Answer


Send Comment