Element Encryption


***Please note that applying the Encryption flag to an element will drop existing data for that form and recreate it in the database. Don't apply this property to a live form unless you don't need the data***


Overview

Sensitive information such as Personal Health Information can be concealed in the data views and feeds. Data is encrypted right before the record is sent back to the server, and it remains encrypted until the decryption requirements are met (see below).

Who can use this feature?

This feature can be applied to any project that requires specific fields to remain encrypted and hidden from third parties unless authorization has been provided. Only those users with the private decryption key will be able to view the sensitive data.

Decryption Requirements

Users are responsible for generating their own public and private keys. Please do not contact us asking for the encryption keys. You must create these keys locally on your machine.

 

Public Key

The public encryption key needs to be pasted in the Data Security section on the Company Info page. Paste your key exactly as shown in the image to the right. Any time a new public key is generated, users must sync their device to ensure they are collecting data with the same key.

 

 

Private Key

*WE DO NOT SAVE THE PRIVATE KEY*

We STRONGLY recommend that you decrypt your data after it has been downloaded from the iFormBuilder application (see example below).

 

Should you choose to decrypt the data within iFormBuilder, the private key will be required for each session. Click on the list view icon from the main data view page to access the decryption icon. Select the decryption icon and enter your private key to decrypt your data.


Create Keys

Click the link below to see how you can create your own set of keys for OSX.

Create Keys on a Mac 


Decrypt Data Locally

Decrypt XML data locally using this example PHP script in OSX.
 
1. Create a folder (decryptData) on your Desktop where you will place all of the assets (PHP file, Private Key, and XML file you wish to decrypt). After you generate your keys go ahead and place your private key in this folder.
 
2. Copy and paste the script below into a text editor and save it as a PHP file (decryptXML.php). Save or move the file into the folder you created in step 1.
 
3. Download the XML data from iFormBuilder that you wish to decrypt. Rename the file to match the variable ($inFile) in the PHP file. In this example we have named this file (encrypted.xml). Move or copy this file into the folder that was created in step 1.
 
4. Open Terminal and navigate to the folder we created in step 1 which should be on the Desktop unless you saved this elsewhere.
    A) cd Desktop (enter)
    B) cd decryptData (enter)
    C) php decryptXML.php (enter)
 
5. You will now have a new file in the folder you created called decrypted.xml which is exactly the same as the encrypted file except the encrypted fields will now be readable.

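<?php
// Decrypts the encrypted fields of an iFormBuilder XML export (run from the command line).
$inFile = "encrypted.xml";
$outFile = "decrypted.xml";
$privateKeyFile = "private_key.pem";

$header = '<?xml version="1.0" encoding="UTF-8"?>';
$textBuffer = '';

//-----------------------------------------------
// Returns the plaintext of a base64-encoded RSA-OAEP value, or the input
// unchanged when it cannot be decrypted (unencrypted fields, whitespace).
function rsaDecryptWithKeyString($encryptedData, $rsaPrivKey){
    $key = openssl_get_privatekey($rsaPrivKey);
    $data = base64_decode($encryptedData);
    $outBuffer = '';
    if (!$key || !openssl_private_decrypt($data, $outBuffer, $key, OPENSSL_PKCS1_OAEP_PADDING)){
        $outBuffer = $encryptedData; //Error. can't decrypt
    }
    return $outBuffer;
}

// Writes the text collected so far. The parser may deliver one text node in
// several pieces, so a value is decrypted only once it is complete.
function flushText()
{
    global $ofile, $rsaPrivKey, $textBuffer;
    if ($textBuffer === '') {
        return;
    }
    $text = rsaDecryptWithKeyString($textBuffer, $rsaPrivKey);
    // Escape &, < and > so the output stays well-formed XML.
    fwrite($ofile, htmlspecialchars($text, ENT_XML1 | ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    $textBuffer = '';
}

function startElement($parser, $name, $attrs)
{
    global $ofile;
    flushText();
    fwrite($ofile, "<$name");
    // Copy attributes through so nothing from the export is lost.
    foreach ($attrs as $attrName => $attrValue) {
        fwrite($ofile, " $attrName=\"" . htmlspecialchars($attrValue, ENT_XML1 | ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"');
    }
    fwrite($ofile, ">");
}
function endElement($parser, $name)
{
    global $ofile;
    flushText();
    fwrite($ofile, "</$name>\n");
}
function characterDataHandler($parser, $data){
    global $textBuffer;
    $textBuffer .= $data;
}

$rsaPrivKey = file_get_contents($privateKeyFile);
if ($rsaPrivKey === false) {
    die("could not read private key file");
}
$xml_parser = xml_parser_create();
// Keep element names in their original case (the parser upper-cases them by default).
xml_parser_set_option($xml_parser, XML_OPTION_CASE_FOLDING, 0);
xml_set_element_handler($xml_parser, "startElement", "endElement");
xml_set_character_data_handler($xml_parser, "characterDataHandler");

if (!($fp = fopen($inFile, "r"))) {
    die("could not open XML input");
}
if (!($ofile = fopen($outFile, 'w'))) {
    die("could not open XML output");
}
fwrite($ofile, $header);
// Loop on feof() so the final call to xml_parse() always marks the end of input.
while (!feof($fp)) {
    $data = fread($fp, 4096);
    if (!xml_parse($xml_parser, $data, feof($fp))) {
        die(sprintf("XML error: %s at line %d",
            xml_error_string(xml_get_error_code($xml_parser)),
            xml_get_current_line_number($xml_parser)));
    }
}
xml_parser_free($xml_parser);
fclose($fp);
fclose($ofile);
?>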
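
The PHP script above writes a field through unchanged when decryption fails, so a private key that does not match the public key in use leaves the export silently encrypted. The shell functions below are an added example, not part of the original article: they check that a key pair round-trips a constructed probe value in the base64(RSA-OAEP) form the script decodes. The 2048-bit key size, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): round-trip check for an RSA key pair,
# using the base64(RSA-OAEP) form that the PHP script decodes.
# Assumptions: 2048-bit keys, the file names, and all function names.

# make_keypair DIR: write private_key.pem (owner-only) and public_key.pem into DIR.
make_keypair() {
    ( umask 077 && openssl genrsa -out "$1/private_key.pem" 2048 2>/dev/null ) || return 1
    openssl rsa -in "$1/private_key.pem" -pubout -out "$1/public_key.pem" 2>/dev/null
}

# encrypt_field PUBKEY TEXT: print base64(RSA-OAEP(TEXT)) on a single line.
encrypt_field() {
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep |
        openssl base64 -A
}

# decrypt_field PRIVKEY B64: print the plaintext; non-zero status if decryption fails.
decrypt_field() {
    printf '%s' "$2" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep 2>/dev/null
}

# keys_match PRIVKEY PUBKEY: succeed only if a constructed probe value round-trips.
keys_match() {
    probe='constructed-sample-value'
    ct=$(encrypt_field "$2" "$probe") || return 1
    [ "$(decrypt_field "$1" "$ct")" = "$probe" ]
}

# Optional command-line use: sh check_keys.sh private_key.pem public_key.pem
if [ "$#" -eq 2 ]; then
    if keys_match "$1" "$2"; then echo "key pair matches"; else echo "key pair does NOT match"; fi
fi
```

Run the check against the private key file and the public key you pasted into Company Info before enabling encryption on a form.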

 

Comments

  • Guy Swartwout

    I had trouble in .NET until I used openssl from one of our Linux boxes to create my key pair. Then I used OpenSSLKey (http://www.jensign.com/opensslkey/) to read the private key. Here's a little sample console app that decrypts an XML file downloaded from iFormBuilder.

    using JavaScience;
    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;
    using System.Xml;

    namespace Keys
    {
        class Program
        {
            static void Main(string[] args)
            {
                string fileWithEncryptedFields = @"C:\Temp\keys\dataXML.php.xml";
                string decryptedFile = @"C:\Temp\keys\fixed.xml";
                // Element names of the fields that were encrypted in the form.
                string[] encryptedFieldNames = new string[] { "encrypted" };

                decryptData(fileWithEncryptedFields, decryptedFile, encryptedFieldNames);
            }

            static private void decryptData(string fileWithEncryptedFields, string decryptedFile, string[] encryptedFieldNames)
            {
                string privateKeyFile = @"D:\Transfer\keys\private_key.pem";

                RSACryptoServiceProvider rsa = GetRSACryptoServiceProvider(privateKeyFile);

                XmlDocument xDoc = new XmlDocument();
                xDoc.Load(fileWithEncryptedFields);

                foreach (string encryptedFieldName in encryptedFieldNames)
                {
                    XmlNodeList encryptedNodes = xDoc.GetElementsByTagName(encryptedFieldName);

                    foreach (XmlNode encryptedNode in encryptedNodes)
                    {
                        // Field values are base64-encoded RSA ciphertext; 'true' selects OAEP padding.
                        byte[] encryptedBytes = Convert.FromBase64String(encryptedNode.InnerText);
                        byte[] decryptedBytes = rsa.Decrypt(encryptedBytes, true);
                        // The export is UTF-8 XML, so decode as UTF-8 rather than the system code page.
                        encryptedNode.InnerText = Encoding.UTF8.GetString(decryptedBytes);
                    }
                }

                xDoc.Save(decryptedFile);
            }

            static private RSACryptoServiceProvider GetRSACryptoServiceProvider(string privateKeyFile)
            {
                FileInfo fi = new FileInfo(privateKeyFile);

                using (StreamReader sr = fi.OpenText())
                {
                    string rsaPrivKeyString = "";

                    // Skip the "-----BEGIN ...-----" header line(s).
                    string tmp = sr.ReadLine().Trim();
                    while (!sr.EndOfStream && (tmp.StartsWith("-") || tmp.EndsWith("-")))
                        tmp = sr.ReadLine().Trim();

                    // Collect the base64 body up to the "-----END ...-----" footer.
                    while (!sr.EndOfStream && !tmp.StartsWith("-") && !tmp.EndsWith("-"))
                    {
                        rsaPrivKeyString += tmp;
                        tmp = sr.ReadLine().Trim();
                    }

                    byte[] data = Convert.FromBase64String(rsaPrivKeyString);

                    // DecodeRSAPrivateKey comes from OpenSSLKey (JavaScience namespace).
                    RSACryptoServiceProvider rsa = opensslkey.DecodeRSAPrivateKey(data);

                    return rsa;
                }
            }
        }
    }
