This author's response time can be up to 5 business days.
Can you Gravity forms plugin send results of user input to an email address encrypted?
Gravity Forms Encrypted Fields
Short answer , YES. There is a developers tool to send out the existing encrypted version of field data, or generate an encrypted version of field data through a custom merge tag. So even if the field data is not encrypted in the database it can still be sent out encrypted in the confirmation result or notification emails.
(..It can also send out encrypted data as unencrypted and readable in notification e-mails)
However .. long answer. This is a DEVELOPERS TOOL, and we do not support or assist in however one is going to handle that data on the receiving end. A developer can dissect this plugin and fairly easily ascertain the proper way to decrypt the field data for a given installation using the unique private keys for that installation but we do not officially provide any support or documentation for that or other custom development based on this plugins encryption.
The client needs to show the site to an insurance provider and prove the forms are encrypted. how can an outsider see that the forms are encrypted? in case you need it, my purchase code is 09f4ef2d-2ad6-48be-9886-e58acf163183
Well, If it were myself I would log into the SQL database and show them the direct encrypted data.
On the wordpress end its not built to necessarily show the direct encrypted data within the admin interface, but you could always just deactivate the plugin for a second and view the entries page, or a single entry. You’ll see all the encrypted data there instead of the pretty restricted display. .. although the plugin would be down during that time if the site is live.
Perhaps the next version should have an option to simply pass the full encrypted data instead of the restricted displays. However, it wouldn’t be recommended to leave it on.
ok so i installed the plugin on a staging version of the same site (because i dont have access to the database of the live site). i made a submission on the form but in the database i’m not seeing the data as being encrypted. on the encryption settings once all the requirements are checked green, all forms should then be encrypted right? if there’s more i need to do please advise.
Please read the full instructions at the top on the settings options page to get started.
This plugin does not globally encrypt all data on all forms. You need to set the fields requiring encryption to be encrypted within the forms edit page using the fields advance tab. Once plugin setup is complete and encryption is turned on for a given form field, that forms submissions will have that fields data encrypted in the database.
aha!....i’m an idiot. lol thanks.
No worries. Glad to point you in the right direction!
We wanted to follow up and notify you that ver 3.2 which was just released has the option to enter “Encryption Verification Mode” now. Which when turned on reveals raw database values directly in the entries views without having to disable the plugin or access the database so you can see the encrypted strings directly there within the backend . Hopefully this is useful to you. Please refer to the options instructions before any use.
I’m trying to upgrade to the latest version from v 2.0. What is the decrypt tool? I know I need to decrypt everything, and I have copied by webkey, and have all p/w’s. Not sure where to go from here.
Thanks in advance,
The decrypt tool was added in the version immediately following 2.0. For now you should reinstall 2.0 if you haven’t already.
Please send us an email here
so we can send you an intermediate version to upgrade to that has the decrypt tool. Using the intermediate version you can decrypt your form entries per instructions in the 3.1 readme file for upgrading, and then you can upgrade to 3.1. Please follow all instructions in the readme file to upgrade to the intermediate version, and also from that to 3.1
I am looking at building a form that will collect CreditCard information for a reservation system. Currently, I am using a custom built HTML/JS form that sends an email with the CC info PGP/GPG encrypted which is then decrypted by the company that receives the reservation email.
Can your plugin provide the same level of public/private key encryption so that I can transmit CC information securely by email and have be able to be decrypted by the receiver?
Well, technically speaking this plugin isn’t designed or purposed to be used for encryption of data transmission but rather its purpose is mainly to protect data at rest. That said the type of encryption is different but is for all intensive purposes equal or ahead in terms of data protection when used properly.
..While this plugin can send data encrypted in emails, it does not encrypt the e-mail itself, and for your specific case you are speaking of collecting and transmitting data that needs to be PCI compliant (without the use of Gravity Forms own card processor gateways like Stripe, PayPal), and should consult the PCI Regulations and other authorities on what would be required of you in this scenario.
I had the plugin working on a testsite. Now i have installed the plugin on the livesite. The entry on the email field is not encrypted in the table prefix_postmeta in de database.
Assuming all of the system and encryption test is good to go, please be sure that you have turned encryption on for the e-mail field in the form editor on that fields advanced tab.
Also note that previously existing field data is not encrypted by turning encryption on for a field. It will be hidden as restricted but is not actually encrypted since encryption takes place on entry submission and/or update. You must use the encrypt/decrypt form tool to specify the form and if you are just retro encrypting only certain fields .. the fields to encrypt and run encryption on all past entries for the form.
Please upgrade to the latest 3.1 version if you are not running it already as it has usability improvements to the form encryption tool if you need to use it, and read instructions for the tool before use.
Does this work with gravity view? so that only admins can see encrypted info?
..Well, unfortunately we can’t give a complete compatibility check and green light for gravity view, but we CAN say that users have reported it working just fine with their respective versions and usage of that plugin at this time.
Assuming basic compatibility , setting up an admin only view would be done through that plugin , and additionally you could/should narrow decrypted view permissions to the admin role or users only through our Gravity Forms Encrypted Fields plugin.
The plugin is encrypting great, but the general search is not working. When you click on entries in Gravity Forms, there is a search field in the top right and it is not working. Is it searching on the encrypted values? Any idea?
Check out the “Native search permission” option on the settings page. That will allow specified users to also retrieve encrypted values in their searches.
Without using that, standard searches will sometimes return encrypted values if the searching user has decrypted view permissions for that field data but standard searches are very unreliable do to the nature of encryption. Because if you search for “bob” and “bob” is encrypted as ”!?75457fhcb)(!!” ..there’s no “bob” to find.
Hope this helps resolve your search issues
Thanks for the quick reply. I tried entering a list of comma separated usernames (user1,user2,user3) but it didn’t work. Is there something I am missing? Do I need to put the role in there also?
The user name is all that’s needed. No spaces around commas. Please also note the directions on the usage of it ..specifically concerning not being able to search for partial values. That’s just not currently possible due to encryption. It’s recommended to just search for an entry based on a field with a simple input where you can search its exact value like a first name or email ( capitalization variants are looked for as well) ..make sure you save changes.
That worked, thanks.
Would it be ok to use an import entries plugin with the GF Encrypted Fields plugin? Here is the link to the plugin I am looking to use to import old entries https://gravityview.co/extensions/gravity-forms-entry-importer/
This is not something we’ve tested but others report using gravity view just fine. You would have to use the encryption tool to encrypt any old entries that do not have encryption if you want them to be encrypted.
I am having an issue. I’m trying to run a decrypt on my fields to upgrade, but it’s not decrypting them.
Ok we would be glad to help out with that.
First please be sure to read and follow full instructions for each option on encrypt/decrypt tool. Most common reason for that behavior is a missing option setting that is required.
To run basic batch form decryption you need to enter “decrypt” into the encrypt / decrypt option on top, and specify the form to decrypt. You also need to enter a number in the “max entries per run” option if you are not specifying certain entry numbers for that form. Otherwise it defaults to running 0 as a safety measure. You can just set it at 200 to run up to 200 entries per run. If you have more entries than that do the next run with the “start offset” option beginning at 200. ..next run would be at 400. ..etc.
You do the same thing to encrypt after updating but change the encrypt/decrypt setting to “encrypt”
Yea…..it “is” the small things isn’t it? SMH LOL Thanks for your help!
No problem, glad to be of assistance
Hey….sorry. One more thing. Why wouldn’t it save the website key?
It’s a specially separately generated key. It should regenerate the same key when you save unless you changed it from the unique auto one for some reason, but when you upgrade ,be sure to follow the readme file upgrade instructions. There’s one instruction in there that covers this issue.
Nothing was changed, I had saved the webkey from previous generations, but it gives me the “Website Key: NO “Save settings to generate key” This site promoted from a dev server, and when I upgraded the dev server, everything went fine. Everything else with the plugin works just fine, except saving the website key.
Hmm, I’m assuming youve saved the settings on the options page already? Even if you haven’t changed anything you need to save them to generate the key. If you’ve done that and it’s still not working It’s likely something to do with your write permissions to your server directory, but for a quick fix .. assuming you have the old copy of the plugin on the dev server still, and you can just copy the “includes” folder from there and overwrite the one on your live server with it. ..this folder should not be replaced on update to save the website key.
O.k. So that’s the issue. So the plugin needs to be able to write to the includes folder then?
Correct. If you’ve added any restrictive htaccess rules or other security based server changes they could be interfering with the auto generation. But once it’s hereafter it’s good to go as long as you don’t replace the folder.
Is there any chance you will make the plugin compatible with the function “review before submission” where people can review their entries before the form is submitted? I have tried various settings but none seem to work. The fields are (correctly) encrypted as soon as the button is clicked to advance to the next page of a multi-page form, on the review page the entries are therefore not visible.
There are no current plans to change when the encryption takes place. If you create a standard multi page form without the use of the “review before submission” plugin and encrypt fields on it you’ll see you can flip between pages and the data remains unencrypted until actual submission. We have not looked into the functionality of the plugin you are using but It seems that it may be altering the normal core functionality of how a multi page form normally works if the data is actually already being encrypted on page changes.
..Just as a hopefully helpfull note, there may be some ways to encourage data review without using that particular plugin. One of the things we have done in the past is to just use conditional logic to hide the submit/next page button until a user clicks a checkbox stating that they have reviewed the information entered for accuracy. This can be done per page.
Many thanks. Yes, it does indeed appear that the code we use for this is not playing nicely with the encryption at all. We already do what you suggested (ask for a tick in a box) and this works fine too.
I turned on ENCRYPTION VERIFICATION MODE but the data in the entries screen is decrypted. I was expecting the data to show encrypted after turning on verification mode. Was I incorrect in my assumption?
Encryption verification mode is for viewing your entry data as the raw encrypted database values ..if it is encrypted.
Is the data for the entries you are viewing encrypted? It will not show unencrypted data as if it were encrypted, It only reveals actual encrypted values.
If you are looking to see a sample of an encrypted value, the “DATABASE STORED DATA” field in the “ENCRYPTION TEST” is a sample of encrypted data.
If you need to encrypt old entries that were submitted before encryption was turned on for the fields you can use the “Encrypt/Decrypt Form Entries” tool at the bottom of the settings page to accomplish this. Please follow all instructions on the tool carefully.
The sample of an encrypted value does show encrypted data. I submitted a new form entry after the plugin was activated and configured, however, the new form submissions are not encrypted in the database. What else might I look for? Everything has green checks by it and it does say that encryption is on from the plugin settings screen.
Well, from your description of things I am guessing that you have the plugin configured properly, but you have not yet turned encryption on for any of the forms individual fields in the form editor yet. Encryption / Hiding needs to be turned on per individual field in the fields advanced tab. That is also where you would set individual or role based view permissions for the single field.
You can hover over the help icons by the field settings in the fields advanced tab to get more info on any of the settings in there.
My mistake. I didn’t realize I needed to turn on the encryption, field by field, in the advance tab. All is working as expected. Thanks much for responding!
Glad to be of assistance and thank you for the purchase.
Yes, it is a good idea to only turn encryption on for the fields that actually need to be encrypted. You can alternatively turn on “Hide Field Value” for any fields which do no really need to be encrypted, but would be good to be hidden from any other prying admin eyes.
Hi, I’ve installed the plugin as required but when I save the settings I get no website key. Also when I add a custom key of my own it doesn’t save it. What am I doing wrong? Thanks for any help.
Im sorry, we do not have you listed as an authorized user of this plugin. From where was your copy of it obtained?
It was purchase by the lead developer at our firm. I don’t have his username.
No problem. Please either have them log in and confirm the purchase on this comment thread, or request the purchase code from them and send it to us via the author contact form here
Thank you. We have received your email, but it does not contain the purchase code. The purchase code can be obtained by having the purchasing user click on the “download” link under the item on their downloads page. There it will be available as a .pdf or .txt file.
Thank you, we have received your valid purchase code. Please check with your lead developer that your WordPress installation has sufficient write permissions to its own directory for initial set up. If you have various restrictions in place disallowing this you can enable them again after setup is complete.
Can you tell me exactly what to open up, permissions wise? I saw a post that said it might be an issue with the includes folder needing to be opened. We did that and it still did not generate or save a key.
Do you have higher folder level restrictions in place?
You can always generate your website key manually if needed. If you cannot ascertain the server permissions blocking the key generation please e-mail us again and we will send you instructions for manual key generation.
These manual generation instructions have just been added to the next version of the plugin as well.
Awesome, thanks. I have everything set and encryption is turned on. I created a new form and set the fields to encrypt in the advanced tab. However when I filled out the form then viewed the entry in the CMS, the entry in not encrypted.
Hmm, I’m actually assuming it is likely working properly.
It sounds like you are seeing the data as normal simply because you have the viewing permissions to do so. If no particular users or roles were entered into the user view permissions for the fields and the settings page user lockout list isn’t on lockdown mode then by default ALL admin form entry viewing users will have viewing permissions and will see the data as decrypted in all entry and export interfaces. Once any user or role has been entered, the viewing permission is restricted to only the entered users/roles, and any restricted users would see the encrypted or hidden “restricted display” which is whatever you’ve set that to be or nothing.
However, If you’d like to just check and see if its encrypted regardless of your currently configured user/role viewing permissions you can turn on encryption verification mode from the system check portion of the settings page and then check the entries again from any user login. It is very important to follow all instructions for that option while using.
Yep, working. Thanks!
I’m considering this plugin for my team and have some questions. Can you explain how search behavior is provided? Is data encrypted using a static, unsalted key? Where is the key stored if it’s not stored in the database? Last, would it be possible to review the code before purchasing, so I can be comfortable that the encryption logic is up to date with latest info sec guidelines?
Last, we’re running an old version of PHP (5.3). I understand this isn’t supported, but can you comment on whether or not you would expect it to work?
1. Due to encryption logic and needing to not leave completely unwrapped data somewhere to search, search functionality is provided on exact terms only.. no partial terms (cannot search for “dave” inside of “dave is cool”). Without spilling our programatic logic tricks, I can say that the search does not in any way compromise the integrity of the encryption as it is a one way path that cannot be reversed to arrive at original data. ..also the native search functionality is limited to specific assigned users or roles.
2. The encryption is not static. it is randomly salted/IV.
3. The key is split in such that the entire WordPress server installation and DB would need to be compromised in order to reconstruct the key and reverse engineer the key path to attempt decryption. .. which is a complete breach of WordPress itself. ..A database breach alone will not give a working key and admin login breach can be stopped by password lockout of the settings page with locked down decrypted access.
4. encryption is either
MCRYPT_RIJNDAEL_128 in CBC mode or
salt/IVs are random
5. We do not provide trial software
Thank you for the detailed response. Any comments on running this with PHP 5.3?
We have never tried it to see what if any functionality would be retained, but compatibility was built looking forward to 7+.
Without thoroughly reviewing the plugin’s functions I can say that there are definitely some core functions which are PHP 4+.
I imagine some old plugins are keeping you at 5.3? Otherwise of course if you are able to upgrade, 5.4 would be relatively safe to run it on at this point in time ..although unsupported due to forward looking additions, changes and improvements.
Terrific, thanks again. We’re looking into upgrading and just wanted to get as much info as possible.
No problem. using 5.6+ would of course be preferable for many other reasons than this plugin alone
Hello, is it possible to mask the form entries as a lead is filling out the encrypted form? I thought it was possible to have each character turn into a star as in *** when they are entering in their information into a form?
Input character hiding is accomplished by selecting “Enable Password Input” from a fields advanced settings tab in the form editor. This will simply hide the users input as they type with an asterisk.
This is a standard Gravity Forms feature.
Gravity Forms Encrypted Fields adds custom output masking for fields in displays. This allows you to customize the masking of the data on output displays such as email notifications and viewing entries on the back end
See the option “Field Output Masking
and Permissions Bypass” on the plugin settings page for details.
thanks for the quick response. I’m looking at the advanced settings tab in the form editor and there is no “enable password input” selection
I believe it is available on a single line text field.
What type of field are you adding?
perfect. that was the problem. I was adding fields for date of birth. but I just changed it to a single line text field and added a placeholder. thanks!
You can use an input mask from the general options tab as well to restrict input to a date format but the input hiding operates oddly with a mask in place so i do not necessarily recommend it.
Hi, we passed every test on the plugin’s system check, but get the following two errors:
1. “Notice: Undefined variable: creatinguser in C:\inetpub\wwwroot\wordpress\wp-content\plugins\gravity-forms-encrypted-fields\gravity-forms-encrypted-fields.php on line 173”
2. in the fields set up view: “Notice: Undefined offset: 2.”
Can you please describe your WordPress environment?
Also what type of encryption are you using?
Although there is no reference to that variable on that line in the current version of the plugin we did find a potential for a bug in regards to that variable in the current version which has an undefined reference to it and have corrected it.
Please provide your environment so we can determine which setups if any others may be affected. Yours is the first to be reported so understanding the environment would be helpful.
We already just submitted a new version with that error corrected currently so it should be available in a few business days. If you would like to receive a copy sooner please contact us HERE on the right hand side via e-mail and we can email it back to you.
Thank you for bringing this to our attention.
..Also you may want to try to disable other plugins and then run Gravity Forms Encrypted Fields again. It is very odd that the error is reported on a line where the variable is not even referenced and considering your installation has the only reported issue that could point to some other plugins code error somewhere.
Either way please download the updated version (3.4) as soon as it is approved for release, or you can contact us as described above for an expedited copy. Although a potential error with the variable was corrected, the issue may be coming from elsewhere outside of this plugin yet.
Hi, thanks for the quick reply. I deactivated all plugins while testing the forms. I also encrypted each field individually.
Here’s more information about my environment:
PHP version – 7.0.14
Wordpress version – 4.6.1
Gravity Forms plugin version – 2.1.3
plugin version – 3.3
Thank you. If the error persisted with plugins disabled please send us a quick email through our author contact form and well send you a copy of 3.4.
Message sent! Thank you.
You should have ver 3.4 in your inbox. Please let us know if this resolves the issue.
We just completed a successful test environment run of the following system environment with no reported errors on any operations. The WordPress version difference should not factor. It seems there was just a small code error that needed correction. Thank you again for reporting it so we could resolve it quickly. Version 3.4 will be available for general download within a few business days after it is approved by Envato staff for release.
PHP version – 7.0.14
Wordpress version – 4.7.3
Gravity Forms plugin version – 2.1.3
Gravity forms Encrypted Fields version – 3.4
Hopefully the issue have been resolved for you as well but of course let us know if it oddly persists.
Use, by you or one client, in a single end product which end users are not charged for. The total price includes the item price and a buyer fee.
Use, by you or one client, in a single end product which end users can be charged for. The total price includes the item price and a buyer fee.
View license details
Get it now and save up to $11.50
Unlimited downloads only
$29 p/m on Envato Elements
Download over 18,000 items now
Learn almost anything with
Envato Tuts+ for free
9000 free tutorials, 3000 paid courses
Designers matched perfectly to
you on Envato Studio
2000 artists ready to undertake your work