I have an encrypted form with only one submission, to try completing the whole encrypt-decrypt-export process.
I’ve followed indications from Encrypting Forms — KoboToolbox documentation.
I reach to Pull my form after inserting the “submission_url” and “public_key” columns with its corresponding values, with the result of “Success”, but after, when I go to “Export” tab, and after “Editing Default Configuration”, check my form and press “Export”, as you can see here
…ODK Briefcase-v1.15.0 says “Export has started”, showing the timestamp, and launching an “Unexpectd Error”, as follows:
Looking inside the briefcase.log file, I find what I think it could be the reason for the unexpected error:
java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/OAEPWithSHA256AndMGF1Padding
…but I’m not sure about that.
Before inserting any data in the form, I’ve tryed to export it, to see the result and aparently, there was no error. You can see the lines writed in briefcase.log:
After doing that, I’ve generated a submission, by completing the form, and I’ve tryed to Export. The briefcase.log file contains then the followings lines:
Can some help me, please??
Thanks in advance!!
In adittion, when I go to the “Push” tab, after configurating the server and check my form, ODK Briefcase-v1.15.0 says “Partially successfull upload…”
@aortegon, did you use the same public/private keys that were used to encrypt your form? If you change, the decryption will not work.
1 Like
Thanks a lot @Kal_Lam !!
Yes, of course! I’ve just generated a pair Keys for that!
I think the cause is related with Java: see the attached briefcase’s second image; one of the lines says (line number 175)
java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/…Padding
I don’t have Java knowledege to interpret, but the last Word in this line, “Padding”, is probably indicating what I need to change in ordre to correct the problem.
Is not it? What do you (or any other) think?
Thanks in advance!!
I believe the ‘padding’ being referred to here is related to the specific encryption algorithm being used. But I suspect there is not anything you can necessarily change in your form per se; it may be you need to rebuild Briefcase against different security lib(s) which support whatever algorithm it is complaining it cant find.
See the Padding section in the ODK Encryption spec (for more than you probably want to know…)
1 Like
Thanks a lot @Xiphware !!
I’ll revise the docs you are refering!
Regards
1 Like
After reading your link, thanks another time @Xiphware , I don’t know where is the problem that not let me export.
@Xiphware , what do you exactly mean with “rebuild Briefcase against different security lib(s)” ¿? In others words, how can I do that?
Unfortunately, I’m not familiar enough with Briefcase (yet) to be able to offer much advice, beyond what little there is from the ODK Briefcase Github project page.
You might try posting to the ODK Forum for help, to see if anybody else has had similar issues (and solved them!). Unfortunately, the reality is Briefcase is no longer supported by GetODK [and if you mention you are trying to decrypt data from KoboToolbox you may just get directed back here!]
Alternatively - or in addition to - you may have to resort to searching the web and/or ODK Forums for “odk briefcase” and see what shows up; eg Search results for 'briefcase' - ODK Forum
Sorry I cant be more help
2 Likes
Thanks so much! I’ll try and I’ll say you something!
After many and many tryings, I can’t export my encrypted forms.
It seems a Java related problem: Briefcase is not jet maintained (last updated was in nov 2020), and it was tested against Java 11 (probably jdk-11.0.9). I’ve tryed to unistall Java (jre-8.411), with the aim to install the referred Java 11, but I can’t do that.
Finally, I think if it’s easier to move over ODK-Central… perhaps somebody can say me if I can have ODK-Central on my PC (Windows 10 Pro)?
Thanks a lot to the whole team, I wish to use theses tools but I’m thinking it’s not feasible!!
I’m sorry to hear that you are still having issues. So do you have encrypted data stuck in Kobo that you still need to get out? [attn @jnm ]
1 Like
Thanks for you interest @Xiphware !
I don’t have useful data in Kobo, only test data to try the whole process.
After see that I don’t reach to decrypt my test data, I’m trying to install ODK Central in my PC… but I think it’s needed a server!! Is’n’t?
Yes, ODK Central is basically a server that hosts your forms and receives submissions (from ODK Collect instead of KoboCollect, although they are ostensiby the same app…). So it would be the equivalent of running your own KoboToolbox website.
The fact you cant reliably retrieve encrypted (test) data using briefcase from Kobo is an serious issue; we definitely need to look into why its not working for you.
FYI, we do have an item on the roadmap for end-to-end encryption support in Kobo (ala ODK Central’s encryption support today), that will likewise eliminate the need for briefcase. But I cant give you a date yet when it will be available.
1 Like
So to convince myself that this should be working… I’ve created a simple form containing the requisite public_key in the setting sheet:
SimpleForm_encrypted.xlsx (18.4 KB)
I uploaded and deployed this form to both Kobo (kf.kobotoolbox.org) as well as an ODK Central instance. Then I submitted a couple of submissions to each, one from Enketo and the other from KoboCollect/ODK Collect as appropriate. I then ran my local copy of briefcase against both, first the Kobo server and then the ODK Central server, to pull down the two form submissions and then export (and decode) them, after having put my private key in the appropriate PEM file location briefcase config setting. After export the resulting csv’s contained my original submission data.
After submit into Kobo (you can see both submissions are indeed encrypted):
After pull and export from briefcase, this is the resulting csv with the correct original unencrypted submission data:
So I can confirm that this is, or should be, working (against both Kobo and Central). I’m running macOS as it happens, but that shouldn’t matter (?)
Can you perhaps carefully step thru everything you did in your setup. Encryption stuff can be a bit painful - if you get any little thing wrong the whole process will typically fail at the end [which is why its always good to ensure you do a full end-to-end dry run before committing any real data. So kudos that you are!]
1 Like
BTW, I’d also start simple, like I did. Use a very simple form, no fancy attachments, no images, etc. You can trying adding those in later once you have something basic confirmed as working.
1 Like
FWIW, this is my java env:
% java --version
openjdk 17.0.10 2024-01-16
OpenJDK Runtime Environment (build 17.0.10+0-17.0.10b1087.21-11609105)
OpenJDK 64-Bit Server VM (build 17.0.10+0-17.0.10b1087.21-11609105, mixed mode)
1 Like
Thank you very much, @Xiphware ! As a last solution, I’ll try to reproduce your Java environment, and I’ll inform you all,
1 Like
Hi @Xiphware
I’m using your SimpleForm_encrypted.xlsx file to see how woirks the process with it.
The first time I’ve tryed, (no changes in your file, even the public_key remains the same), I’ve obtained exactly the same result as I’ve with my form: “Unexpected error. See logs”.
After that, I’ve changed your public_key, to have the mine, which correspond to the private_key PEM file. No others changes, your file is exactly the same. Nevertheless, when I Pull with Briefcase, I obtain a different error message (that I’ve see other times, also with my forms): Error parsing form definition…
In other occasions, to deal with this error messsage, I’ve tryed to change the form_name, in order to avoid the use of characters like “¿” or “?” or similar… but your form don’t have theses characters, so, I don’t know what is causing this error.
In adition, I can explain that I’ve tryed to unistall all Java versions, and install version 11 or 17… but I don’t reach to have success with theses Java versiones… ¿? I have downloaded also Java 8u421 (the last Java version), but when executing the bin file, don’t happens anything, so I must to execute the 8u411 version, and the Java installation occurrs as expected. I’m not experienced enough with Java, so perhaps there is something I’m not doing correctly.
Thanks a lot for your time and attention!!