How to Increase Security by Encrypting Form Data

Megan Schroeder
March 27, 2017

Encrypting form data incorporates an added level of security by making your data private, unreadable, and tamper-proof. This security mechanism can help you meet strict data privacy requirements sometimes set by ethical review boards for research studies. For example, you should encrypt data if you have surveys on highly sensitive topics like domestic violence and want to take all precautions so data isn’t available to unintended people. This article will show you how to encrypt form data and how to decrypt the data for analysis.

Step 1: Generate your encryption keys

Form data is encrypted with a user’s own encryption keys. This ensures that even Ona engineers don’t have access to your data. You will need to generate two encryption keys:

  1. A public key, added to your XLSForm to encrypt the form.
  2. A private key, used with ODK Briefcase to decrypt the data.

You can generate the keys using an OpenSSL software package outlined in this step-by-step guide for Windows, Linux, and OSX systems.

Step 2: Encrypt your XLSForm

After generating encryption keys on your computer, you will need to adjust the XLSForm syntax of the form you want to encrypt. First, add a settings worksheet to your form, if it doesn’t already exist. In this settings worksheet, create three columns: id_stringsubmission_url, and public_key. The id_string specifies the form id name. The submission_url will be https://odk.ona.io/[your_username]/submission and is the URL where the encrypted form submissions will be accepted. For example, my form is located in the user account onahelp, the submission_url will be https://odk.ona.io/onahelp/submission. The public_key contains the public key generated in Step 1 without any spaces or line breaks. It should look like this:

Step 3: Upload your form to Ona

Then, in your web browser, navigate to your Ona account project and upload your XLSForm as you would with any other form. Once uploaded, the encrypted form will be listed with an (encrypted) label next to the form name, as illustrated in below:

Step 4: Begin data collection

You need to use ODK Collect or Ona Collect, both on the Android platform, to collect data for an encrypted form. Although Ona also supports Enketo Webforms, those browser-accessible webforms do not currently support encrypted forms.

After installing ODK Collect or Ona Collect on your Android device, you will need to configure the app settings to download the form using a URL similar to the one used in submission_url on the XLSForm: https://odk.ona.io/[your_username]. Once the form is downloaded, you can begin collecting and submitting data.

Step 5: Decrypt data using ODK Briefcase to begin analysis!

Since the data is encrypted, none of the data will be viewable in a web browser on ona.io. You will have to use ODK Briefcase to download data directly to your computer. Make sure you have correctly downloaded and installed all components of ODK Briefcase for data decryption! First, follow the ODK Briefcase instructions to PULL data from Ona to your computer. Your settings should look similar to this:

Then, decrypt the data using EXPORT in ODK Briefcase. Export your encrypted form data as a CSV and media file using your previously generated private key. Your settings will look similar to:

The decrypted data will then appear as a CSV file in the Export Directory you selected.

Read more on how to encrypt form using encryption keys and decrypted data using ODK Briefcase on our help site.

Tags