Encryption now that ODK briefcase is not supported

The Kobo website says that using ODK briefcase is required for reading encrypted forms. Now that ODK is no longer supported I was wondering how people decrypt forms since the options given on the ODK website involve paying $$

Welcome to the community, @cleboa! You could decrypt your encrypted forms through ODK Briefcase as outlined in the support article Encrypting Forms.

Thanks Kal. I got it set up with briefcase but the side says briefcase is no longer supported if you click on the set up briefcase link on the ODK website. They want people to use ODK central instead. I was just wondering if there was an alternate way do do this outside of briefcase or if Kobo could come up with a way to internalize encrypted forms since most data they are dealing would potentially have personal information on it and so for an IRB to accept using Kobo for phi we would have to have some sort of encryption process.

1 Like

@cleboa, at the moment, encrypted projects can only be decrypted through odk briefcase. However, KoboToolbox will come up with its own encryption/decryption feature. This could however take time though.

Hi Kal,

Do you know what the timeline might look like? Our school’s IRB is concerned about briefcases’ non updating status.

We were hoping to continue using your service and really appreciate the work you do on it.

  • Chris

ODK does offer paid services, but fundamentally:

ODK is a suite of open source tools that help organizations collect and manage data (https://docs.getodk.org/).

You can also refer to ODK - Ecosystem for more details. Self-hosting ODK Central may also be an option for you if you cannot afford their hosted service and cannot use ODK Briefcase for compliance reasons.

Unfortunately, we do not; however, the last released version of ODK Briefcase will continue to work with KoboToolbox until a replacement is available. The nice thing about true end-to-end encryption, which you achieve by using Briefcase, is that you would only be affected by vulnerabilities on each “end”, i.e. the data collection device (running either Collect or Enketo) and the workstation where you run ODK Briefcase. Briefcase is not a piece of software that accepts requests over the network; if your workstation is secure, Briefcase does not present an additional surface area for attack. I don’t know if understanding this helps with your IRB review at all, but I wanted to clarify the situation. Good luck.

1 Like

Are there any updates on the timeline for internal form encryption? Our institution is also still facing issues with meeting IRB data security standards for the ODK Briefcase workaround.