Encryption

Private, secure data transfer between your public and you.

On regular computing systems, data is stored as "plaintext", which means that sysadmins (and possibly those with unauthorised access) can potentially read that data.

And that's where End-to-end Encryption (E2EE) comes in.

End-to-end Encryption (E2EE) is a private communication system in which only the communicating users can participate.

Setting up E2EE

Each user has one set of keys, known as a 'Key pair'.

To encrypt your forms' answers you must first generate your personal key pair.

Go to the E2EE option on your Profile page.

Screen shot of personal key generation

When you create your key pair, two mathematically bound keys are created:

  • A public key that converts plain text into encrypted text
  • A private key that converts the encrypted text into plain text

Your new public key will be saved on the server, and you will be asked to safely keep your private key.

Passphrase

We recommend you protect your key with a passphrase/password.

A passphrase locks a key, meaning that the key can only be used when unlocked by the passphrase.

Restoring your key on the browser soon becomes tedious if each time you must first find, copy, and then paste your private key into LiberaForms. To make that easier, you can tell LiberaForms to store your locked key on the browser.

That way, you will only need to enter your passphrase once per session to read your answers.

Public key

The public key is not a secret. In fact, we need to keep a copy of your public key on the server to enable encryption for you.

Private key

The private key is a secret. It is used to decrypt the data that was encrypted with the public key.

You, and only you, should know and have a copy of your private key.

If you lose your private key you will permanently lose the answers to all your encrypted forms.

We do not know or keep a copy of your private key. If you lose your private key, we cannot help you. BE WARNED!

Using E2EE

When you create a form you will have the option to encrypt that form's answers. Just check the checkbox.

Continue using the form as you would with any other. LiberaForms will prompt you for your private key and passphrase when required.

Restoring your key

Your private key is required to decrypt answers. However, LiberaForms does not have a copy of the key.

You will be prompted to enter your private key and passphrase (if you use one) to decrypt answers so that you can read them.

You may also ask LiberaForms to store your key on your browser for you.

Sharing encrypted answers

Sharing encrypted answers with other users is done in the same way you would normally share answers.

However, access to encrypted answers can only be enabled when the users have configured their key pair.

LiberaForms will guide both you and the new user through the process.

How it works

At first glance it would appear that answers are encrypted with the user's public key, but in reality this is not the case.

Key management

LiberaForms uses two types of keys: User keys and Form keys.

User keys are unique to each user. Form keys are unique to each form.

Form key management happens in the background without user interaction.

When Answer encryption is enabled, LiberaForms will:

  • Create a new Form key pair (without passphrase)
  • Upload the form's public key to the server (required to encrypt answers)
  • Encrypt the form's private key with the user's public key
  • Upload the form's encrypted private key to the user's profile on the server

Answers are encrypted with the form's public key.

When the user reads the answers LiberaForms will:

  • Retrieve the form's encrypted private key from the user's profile on the server
  • Decrypt the form's encrypted private key with the user's private key
  • Decrypt the encrypted answers with the form's private key

This mechanism enables LiberaForms to provide seamless encrypted answer sharing.

Key sharing

When 'Alice' is sharing encrypted answers with 'Bob' LiberaForms will:

  • Retrieve the form's encrypted private key from Alice's profile on the server
  • Decrypt the form's encrypted private key with Alice's private key
  • Retrieve Bob's public key from the server
  • Encrypt the form's private key with Bob's public key
  • Upload the newly created encrypted form private key to Bob's profile on the server

Therefore, each user profile on the server has a copy of the form's private key, appropriately encrypted with their personal public key.
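The key management and key sharing steps above, as an added example that is not LiberaForms' own code. The page does not name its cryptographic primitives, so the RSA-OAEP plus AES-256-GCM sealing, the in-memory `srv` object standing in for the server, and every function name are assumptions; user private keys are used unlocked here (no passphrase).

```javascript
// Added example; RSA-OAEP + AES-256-GCM is an assumption, all names are hypothetical.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
  createCipheriv, createDecipheriv, constants } = require('node:crypto');
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => generateKeyPairSync('rsa', { modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });

// Encrypt to a public key: a random AES key protects the data, RSA-OAEP protects that key.
function seal(publicKey, data) {
  const key = randomBytes(32), iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(data), c.final()]);
  return { iv, body, tag: c.getAuthTag(), wrappedKey: publicEncrypt({ key: publicKey, ...OAEP }, key) };
}
function unseal(privateKey, s) {
  const key = privateDecrypt({ key: privateKey, ...OAEP }, s.wrappedKey);
  const d = createDecipheriv('aes-256-gcm', key, s.iv).setAuthTag(s.tag);
  return Buffer.concat([d.update(s.body), d.final()]); // throws if tampered with
}

// Enabling encryption: new form key pair; its private key is wrapped for the owner.
function enableEncryption(srv, owner) {
  const form = newKeyPair();
  srv.formPublicKey = form.publicKey;
  srv.formKeyFor[owner] = seal(srv.userPublicKeys[owner], Buffer.from(form.privateKey));
}
// Answers are encrypted with the form's public key before they are stored.
const submitAnswer = (srv, text) => srv.answers.push(seal(srv.formPublicKey, Buffer.from(text)));
// Reading: unwrap the form private key with the user's key, then decrypt the answers.
function readAnswers(srv, user, userPrivateKey) {
  const formPrivateKey = unseal(userPrivateKey, srv.formKeyFor[user]);
  return srv.answers.map((a) => unseal(formPrivateKey, a).toString());
}
// Sharing: re-wrap the same form private key under the recipient's public key.
function shareWith(srv, owner, ownerPrivateKey, recipient) {
  const formPrivateKey = unseal(ownerPrivateKey, srv.formKeyFor[owner]);
  srv.formKeyFor[recipient] = seal(srv.userPublicKeys[recipient], formPrivateKey);
}

function demo() { // constructed walk-through: Alice owns the form, Bob is given access
  const keys = { alice: newKeyPair(), bob: newKeyPair() };
  const srv = { formKeyFor: {}, answers: [], // holds public keys and ciphertext only
    userPublicKeys: { alice: keys.alice.publicKey, bob: keys.bob.publicKey } };
  enableEncryption(srv, 'alice');
  submitAnswer(srv, 'constructed answer');
  shareWith(srv, 'alice', keys.alice.privateKey, 'bob');
  return { srv, read: (u) => readAnswers(srv, u, keys[u].privateKey) };
}
```

Answers are never re-encrypted when a form is shared: only the form's private key is wrapped again, once per user with access.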

Key storage

Public keys are stored on the server. Private keys never leave the client.

LiberaForms uses the browser's local storage (similar to cookie storage) to manage keys on the client.

Browsers come with two types of local storage, localStorage and sessionStorage. We use both for different purposes.

localStorage

localStorage is used to store and keep data on the browser even after the browser has been closed.

LiberaForms uses localStorage to store:

  • Public keys
  • The user's private key
    • locked and passphrase protected
    • unlocked (when requested by the user)
  • The form's encrypted private key

sessionStorage

sessionStorage data is deleted when the browser's tab has been closed.

LiberaForms uses sessionStorage to store:

  • Public keys
  • The user's unlocked private key
  • The form's private key

This means that private keys held in sessionStorage do not persist on the browser once the tab has been closed.

Other documentation

Check out these blog posts for more insight.

End to End Encryption (E2EE) on LiberaForms
E2EE on LiberaForms: Answer Sharing
E2EE on LiberaForms: first implementation