These steps repeat the actions that were taken in the video above.
Part 1: Generate key pair
You can also provide your own public-private key pair.
- On your server console, go to the Design tab.
- Under Your forms and datasets, click Tools, then Create new key. The key creator will open in a new tab.
- Enter the name for your key (this can be anything), then click Next.
- Click Download private key.
- Once the private key has been downloaded, click Next.
- Click Download public key.
- Once the public key has been downloaded, click Next.
- Only share the private key file with users who can have access to your data, since anyone with the private key file will be able to decrypt your data.
- Do not lose the private key file. If you lose the private key file, you will not be able to decrypt your data.
Part 2: Add key to form
- From the Design tab of your server console, click the plus on the left.
- Click Start new form.
- Give the form a title. The form ID will be populated automatically.
- Set Advanced options to ON.
- Make sure Do you want this form's data to be encrypted is selected.
- Click Next.
- Click Choose File, and select the public key file from the file explorer.
- Click Next.
- Start working on the form:
  - To use the online form designer, click Edit online.
  - To use a spreadsheet form definition, set Advanced download options to ON, and click either Download to computer or Download to Google Drive.
Is my data still secure even if I don't encrypt it using my public key?
Yes! Even without end-to-end encryption, data is encrypted in other ways. However, end-to-end encryption using your own public-private key pair is a great way to add an extra layer of security. If correctly configured, even if the collection device is stolen, or login credentials are stolen, the data will remain unreadable without the private key.
For help securing collection devices, check out our support article How to set up your Android devices for fieldwork.
What is end-to-end encryption?
End-to-end encryption means setting up encryption so that data is encrypted and impossible to read from the point where it is created (one end) to the point where it is retrieved (the other end). In SurveyCTO, this means that as soon as the completed form instance is finalized, its data is encrypted, and it is not decrypted until you go to download or view your data. Even then, the private key file is never sent over the internet.
Is SurveyCTO's key pair creation tool secure?
Yes. Key pairs are created locally in your web browser in a browser tab that isn't connected to the Internet. This keeps the key safe and secure.
If you are concerned about the security of your web browser, you can also create key pairs using SurveyCTO Desktop from Offline form tools > Create encryption key pair. You can also provide your own key pair using a third-party tool.
Can I share my public key file?
Yes. Feel free to share the public key file with anyone: it is only used to encrypt your data to make it unreadable. A copy of the public key is saved inside every copy of the form used to collect data, so the form data can be encrypted once it is finalized.
Can I share my private key file?
Only share the private key file with users who are allowed to decrypt your data.
Also, only share your private key using secure methods. One of the most secure sharing methods is moving/copying the private key from one computer to another computer using a thumb drive. Alternatively, consider using secure digital methods such as Bitwarden Send.
What happens if I lose my private key file?
If you lose the private key file, then you will no longer be able to decrypt your data, and the data will remain unreadable. We do not keep a copy of your private key, and there is no backup. So, it is crucial that you never lose the private key file.
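A stored private key that does not belong to the form's public key is as unrecoverable as a lost one, so it is worth checking the pair before any data is collected. The script below is an added example, not SurveyCTO tooling: it confirms that a public key file was derived from a given private key file and that the pair round-trips a test value. It assumes PEM-encoded RSA key files and the openssl command-line tool; the function names, file names and the RSA-OAEP test encryption are illustrative choices, not SurveyCTO's on-device format.

```shell
#!/usr/bin/env bash
# Added example (not SurveyCTO tooling). Assumes PEM-encoded RSA keys and the
# openssl CLI; function names and file names are illustrative.

# Print the public key in one normalized PEM form, from a private or public key.
normalized_pub() {
    openssl pkey "$@" -pubout -outform PEM 2>/dev/null
}

# keys_match PRIVATE_PEM PUBLIC_PEM
# 0 = public key was derived from this private key, 1 = mismatch, 2 = unreadable.
keys_match() {
    local from_priv from_pub
    from_priv=$(normalized_pub -in "$1") || return 2
    from_pub=$(normalized_pub -pubin -in "$2") || return 2
    [ "$from_priv" = "$from_pub" ]
}

# round_trip_ok PRIVATE_PEM PUBLIC_PEM
# Encrypts a random canary with the public key and decrypts it with the private
# key (generic RSA-OAEP, chosen for this check only).
round_trip_ok() {
    local tmp canary out=""
    tmp=$(mktemp -d) || return 2
    canary=$(openssl rand -hex 16)
    if printf '%s' "$canary" | openssl pkeyutl -encrypt -pubin -inkey "$2" \
            -pkeyopt rsa_padding_mode:oaep -out "$tmp/ct" 2>/dev/null; then
        out=$(openssl pkeyutl -decrypt -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep -in "$tmp/ct" 2>/dev/null) || out=""
    fi
    rm -rf "$tmp"
    [ -n "$out" ] && [ "$out" = "$canary" ]
}

# Usage: ./check_keypair.sh private.pem public.pem
if [ "$#" -eq 2 ]; then
    if keys_match "$1" "$2" && round_trip_ok "$1" "$2"; then
        echo "OK: this private key decrypts data encrypted with this public key"
    else
        echo "FAIL: keys do not match or cannot be read" >&2
        exit 1
    fi
fi
```

Run it on the machine where the private key is stored, and again on any backup copy, so the check covers the file you would actually rely on later.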
Can I store keys inside a password manager?
Yes, you can. During the key generation process, each key will give you the option to copy it to your computer's clipboard. Use this option to paste the key into a secure note inside a password manager (e.g. Bitwarden, 1Password, LastPass). Later, when you need to decrypt data, SurveyCTO will give you the option to paste the private key rather than uploading it.
Note that REST API users who want to work with encrypted data will need a local file containing the private key.
Can I change my encryption settings later?
While you can change which fields are publishable between form versions, never change the encryption settings for a deployed form. If you would like to change the encryption settings for a form (either by removing, adding, or changing the public key), upload it as a new form with a different form ID.
Can I use the same public key for multiple forms?
Yes, definitely. If you use the same public key for multiple forms, then the same private key can be used to decrypt them. If a user should have access to one form but not another, it is usually a good idea to use different public keys for those forms.
Can I publish encrypted data, or use encrypted data for automated quality checks?
No. Encrypted data cannot be published (either to server datasets or to the cloud), and it cannot be used for automated quality checks.
You can set up your form so specific fields are not encrypted, so they can be published or used for automated quality checks. To do so, set the publishable value of the field to "yes". Fields with a publishable value of "yes" will not be encrypted, and all other fields will still be encrypted (whether their publishable value is "no" or simply blank). We generally recommend making sure all personally identifiable information (PII) is encrypted, with no publishable value.
You can also learn more about encryption in our support article Encrypting form data (end-to-end encryption).