How to Decrypt Responses from an Encrypted Form Through The Web Crypto API

  • Gabor Claußnitzer
    Asked on May 19, 2025 at 4:14 AM

    Hello support team,

    our business defined an encrypted form. The answers of this should be integrated and processed for reporting.

    We already integrated the Jotform API:

    /form/<formId>/submissions

    In the submissions of the enrypted form, we found the JSON properties beside the encrypted answers:

    "encryptionProtocol""JF-CSE-V2"

    "encryptionKey": "<base64>"

    Moreover, we got the form password (access code?) from our business colleague.

    Now the question is: What decryption algorithm must be used and what are the parameters? What role does the password/access code play here?

    We already know that when the "encryptionKey" is Base64 decoded, it results in a 256 byte long key. But what kind of key?

    I have looked for other support questions as well as help articels, but I could not find the desired information. I hope you can help us.

    Best regards,

    Gabor

  • Lara JotForm Support
    Replied on May 19, 2025 at 4:28 AM

    Hi Gabor,

    Thanks for reaching out to Jotform Support. Jotform uses end-to-end encryption for encrypted forms. This means that once someone submits the form, their responses are encrypted and can only be unlocked using a private access code which is the password you set when enabling encryption on the form.

    The encryption method Jotform uses (called JF-CSE-V2) relies on your browser’s Web Crypto API to securely handle encryption and decryption. When encryption is enabled, the form generates a special key, and you’ll need your access code to read the data.

    You might notice something called an encryptionKey in the submission data, this is a Base64-encoded part of the encryption process. But even with that, the data can’t be decrypted without your original access code. If you lose this access code, there’s no way to recover the encrypted data, and we won't be able to decrypt it for you.

    For more details on enabling and using encrypted forms, you can refer to our guide on Encrypted Forms and How to Use Them.

    Give it a try and let us know if you need any help.

  • Gabor Claußnitzer
    Replied on May 19, 2025 at 4:43 AM

    Thank you for your quick answer.

    If Web Crypto API is used, what algorithm is used for the symmetric encryption? Here is a list of algorithms from official specification:
    https://w3c.github.io/webcrypto/#algorithm-overview

    Can you provide some code or pseudo code (in JavaScript or Java) that shows the encryption/decryption with the exact algorithm name and the encrypted key + password as parameters?

    Best regards,
    Gabor

  • Lara JotForm Support
    Replied on May 19, 2025 at 5:05 AM

    Hi Gabor,

    I’ll need a bit of time to look into this. I’ll get back to you as soon as I can.

    Thanks for your patience and understanding, we appreciate it.

  • Lara JotForm Support
    Replied on May 19, 2025 at 5:13 AM

    Hi Gabor,

    Currently, it’s not possible to decrypt Jotform submissions using the Web Crypto API. While the feature you’re looking for isn’t currently available at Jotform right now, we've gone ahead and escalated your request to our Developers. Exactly when or if it's developed depends on their workload, how viable it is, and how many other users also request it. If there are any updates, we’ll circle back to this thread and let you know.

    Thanks for your patience and understanding, we appreciate it.

Your Reply