Encryption now that ODK briefcase is not supported

cleboa · May 18, 2022, 5:14pm

The Kobo website says that using ODK briefcase is required for reading encrypted forms. Now that ODK is no longer supported I was wondering how people decrypt forms since the options given on the ODK website involve paying $$

Kal_Lam · May 19, 2022, 4:25am

Welcome to the community, @cleboa! You could decrypt your encrypted forms through ODK Briefcase as outlined in the support article Encrypting Forms.

cleboa · May 19, 2022, 7:35pm

Thanks Kal. I got it set up with briefcase but the side says briefcase is no longer supported if you click on the set up briefcase link on the ODK website. They want people to use ODK central instead. I was just wondering if there was an alternate way do do this outside of briefcase or if Kobo could come up with a way to internalize encrypted forms since most data they are dealing would potentially have personal information on it and so for an IRB to accept using Kobo for phi we would have to have some sort of encryption process.

Kal_Lam · May 25, 2022, 8:44am

@cleboa, at the moment, encrypted projects can only be decrypted through odk briefcase. However, KoboToolbox will come up with its own encryption/decryption feature. This could however take time though.

cleboa · May 31, 2022, 11:18pm

Hi Kal,

Do you know what the timeline might look like? Our school’s IRB is concerned about briefcases’ non updating status.

We were hoping to continue using your service and really appreciate the work you do on it.

Chris

jnm · June 1, 2022, 2:59am

ODK does offer paid services, but fundamentally:

ODK is a suite of open source tools that help organizations collect and manage data (https://docs.getodk.org/).

You can also refer to ODK - Ecosystem for more details. Self-hosting ODK Central may also be an option for you if you cannot afford their hosted service and cannot use ODK Briefcase for compliance reasons.

Unfortunately, we do not; however, the last released version of ODK Briefcase will continue to work with KoboToolbox until a replacement is available. The nice thing about true end-to-end encryption, which you achieve by using Briefcase, is that you would only be affected by vulnerabilities on each “end”, i.e. the data collection device (running either Collect or Enketo) and the workstation where you run ODK Briefcase. Briefcase is not a piece of software that accepts requests over the network; if your workstation is secure, Briefcase does not present an additional surface area for attack. I don’t know if understanding this helps with your IRB review at all, but I wanted to clarify the situation. Good luck.

tim1 · November 6, 2023, 8:48pm

Thanks for the extra context here. I am new to Kobo Toolkit and ODK. I was wondering whether there are any developments regarding decryption functionality since this original discussion?
Many thanks

jnm · November 16, 2023, 9:21pm

Welcome! No, there have not been any further developments.

Just in case you or anyone else reading are having trouble with exporting encrypted data, there’s a recent bug (with Kobo, not Collect), that we’re fixing immediately. Updates regarding that will be posted on the other topic.