Enketo now has full support for encryption-enabled forms! This long-requested feature is compatible with other tools in the Open Data Kit ecosystem and of course in particular with ODK Briefcase, the primary tool for decryption.
Why use this
Enketo has always facilitated encryption of data during transport from the browser to the data server (e.g. to Aggregate, Ona, KoBoToolbox) just like any website that uses an “https” web address (note that both Enketo and the data server need to be using https). However, some projects also require sensitive data to be securely encrypted while it is still stored on the device and while it is stored on the data server. This new feature responds to that requirement.
How it works
Encryption takes place as soon as the record is finalized and saved.
A random single-use encryption key is generated by Enketo, and this is used to symmetrically encrypt all data including file uploads such as photos. The form definition includes a public RSA key that is used by Enketo to asymmetrically encrypt the single-use encryption key. The resulting asymmetrically-encrypted symmetric encryption key is passed along with the submission. For those of you interested in the full technical details on the encryption algorithms, see this specification.
Once the submission has been received on the data server, it can be decrypted in ODK Briefcase. This can be done by pulling the submissions and using the private RSA key to decrypt the symmetric encryption key that was used to encrypt the data.
The only person that should have access to the private key is the person that is entrusted with decrypting the data.
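The flow described above, sketched for Node.js as an added example; this is not Enketo's or Briefcase's code. AES-256-GCM and RSA-OAEP with SHA-256 are stand-ins chosen for the sketch (the specification defines the actual algorithms), and every function and field name is hypothetical.

```javascript
// Added illustration, not Enketo or Briefcase code. AES-256-GCM and RSA-OAEP
// (SHA-256) are stand-ins chosen here; all names below are hypothetical.
const { generateKeyPairSync, randomBytes, createCipheriv, createDecipheriv,
  publicEncrypt, privateDecrypt, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const mapValues = (obj, fn) =>
  Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, fn(v)]));

// The public half stands in for the form's public_key, the private half for
// the key kept by the person entrusted with decryption.
function newKeyPair() {
  return generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
}

// Encrypt one part (the record XML or one uploaded file) with the single-use key.
function sealPart(key, plaintext) {
  const iv = randomBytes(12); // fresh nonce for every part
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, data, tag: cipher.getAuthTag() };
}

function openPart(key, part) {
  const decipher = createDecipheriv('aes-256-gcm', key, part.iv);
  decipher.setAuthTag(part.tag); // final() throws if the part was altered
  return Buffer.concat([decipher.update(part.data), decipher.final()]);
}

// Client side: runs when the record is finalized and saved.
function encryptSubmission(publicKeyPem, recordXml, files) {
  const key = randomBytes(32); // random single-use symmetric key
  const submission = {
    encryptedKey: publicEncrypt({ key: publicKeyPem, ...OAEP }, key),
    record: sealPart(key, Buffer.from(recordXml, 'utf8')),
    files: mapValues(files, (bytes) => sealPart(key, bytes)),
  };
  key.fill(0); // the client keeps no usable copy, so it cannot decrypt later
  return submission;
}

// Key-holder side: only the private RSA key recovers the symmetric key.
function decryptSubmission(privateKeyPem, submission) {
  const key = privateDecrypt({ key: privateKeyPem, ...OAEP }, submission.encryptedKey);
  return { recordXml: openPart(key, submission.record).toString('utf8'),
    files: mapValues(submission.files, (part) => openPart(key, part)) };
}
```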
Auto-saving and saving as draft
For encryption-enabled forms, Enketo will automatically de-activate 2 features that normally exist in offline-enabled webform views: the auto-save feature and the ability to save a record as draft. This is done to avoid storing sensitive data without encryption, because even Enketo will not be able to decrypt the data once it is encrypted.
How to use
To use this feature the XLSForm needs to include a public_key in the settings sheet (and keep the matching private key secret). See the XLSForm specification and ODK documentation for more details. Note that some older tutorials mention an additional need for a submission_url. This can be ignored, as that is actually an independent feature that does not relate to encryption.
XML wizards may be interested in looking at the XForms Specification.
The only known limitation is that encrypting photos, videos, audio and other uploaded files puts a heavy burden on a low-spec device. If the survey includes file uploads, it is therefore required to always test your survey on the actual devices that will be used during collection. In addition, you may want to ensure that the uploaded file size is limited. In the future, a feature will be added to facilitate this by automatically transforming the image to a pixel size that can be set in the XLSForm.
Internet Explorer does not support encryption and will just show a helpful warning during load. To work around that lack of support, the best approach is to simply make sure to never use that awful browser for any reason.
During the course of development, a possible bug was discovered in KoBoToolbox that seems to affect some encrypted submissions with multiple uploads per record. Make sure to track this bug and test your form if it sounds like this may apply to your encryption-enabled survey.
At some point it may become worthwhile to start a discussion within the ODK group on a new modern encryption specification that is simpler and faster, provides even better security, and offers an easier out-of-the-box implementation across platforms. There is a straightforward path towards adding a new encryption algorithm without affecting users or compatibility of Briefcase with older encrypted data.
This feature was sponsored by the London School of Hygiene & Tropical Medicine as part of their program to provide LSHTM Open Research Kits to support global health research. Many thanks to LSHTM ORK for funding this important feature!
Also many thanks to the amazing ODK developers Guillermo Gutiérrez (ggalmazor) and Hélène Martin (lognaturel) for helping out!