692 comments found.
Hi, I’ve installed the plugin as required but when I save the settings I get no website key. Also when I add a custom key of my own it doesn’t save it. What am I doing wrong? Thanks for any help.
Im sorry, we do not have you listed as an authorized user of this plugin. From where was your copy of it obtained?
It was purchase by the lead developer at our firm. I don’t have his username.
No problem. Please either have them log in and confirm the purchase on this comment thread, or request the purchase code from them and send it to us via the author contact form here
sent
Thank you. We have received your email, but it does not contain the purchase code. The purchase code can be obtained by having the purchasing user click on the “download” link under the item on their downloads page. There it will be available as a .pdf or .txt file.
Thank you, we have received your valid purchase code. Please check with your lead developer that your WordPress installation has sufficient write permissions to its own directory for initial set up. If you have various restrictions in place disallowing this you can enable them again after setup is complete.
Can you tell me exactly what to open up, permissions wise? I saw a post that said it might be an issue with the includes folder needing to be opened. We did that and it still did not generate or save a key.
Do you have higher folder level restrictions in place?
You can always generate your website key manually if needed. If you cannot ascertain the server permissions blocking the key generation please e-mail us again and we will send you instructions for manual key generation.
These manual generation instructions have just been added to the next version of the plugin as well. 
Awesome, thanks. I have everything set and encryption is turned on. I created a new form and set the fields to encrypt in the advanced tab. However when I filled out the form then viewed the entry in the CMS, the entry in not encrypted.
Hmm, I’m actually assuming it is likely working properly.
It sounds like you are seeing the data as normal simply because you have the viewing permissions to do so. If no particular users or roles were entered into the user view permissions for the fields and the settings page user lockout list isn’t on lockdown mode then by default ALL admin form entry viewing users will have viewing permissions and will see the data as decrypted in all entry and export interfaces. Once any user or role has been entered, the viewing permission is restricted to only the entered users/roles, and any restricted users would see the encrypted or hidden “restricted display” which is whatever you’ve set that to be or nothing.
However, If you’d like to just check and see if its encrypted regardless of your currently configured user/role viewing permissions you can turn on encryption verification mode from the system check portion of the settings page and then check the entries again from any user login. It is very important to follow all instructions for that option while using.
Yep, working. Thanks!
I turned on ENCRYPTION VERIFICATION MODE but the data in the entries screen is decrypted. I was expecting the data to show encrypted after turning on verification mode. Was I incorrect in my assumption?
Hello,
Encryption verification mode is for viewing your entry data as the raw encrypted database values ..if it is encrypted.
Is the data for the entries you are viewing encrypted? It will not show unencrypted data as if it were encrypted, It only reveals actual encrypted values.
If you are looking to see a sample of an encrypted value, the “DATABASE STORED DATA” field in the “ENCRYPTION TEST” is a sample of encrypted data.
If you need to encrypt old entries that were submitted before encryption was turned on for the fields you can use the “Encrypt/Decrypt Form Entries” tool at the bottom of the settings page to accomplish this. Please follow all instructions on the tool carefully.
The sample of an encrypted value does show encrypted data. I submitted a new form entry after the plugin was activated and configured, however, the new form submissions are not encrypted in the database. What else might I look for? Everything has green checks by it and it does say that encryption is on from the plugin settings screen.
Well, from your description of things I am guessing that you have the plugin configured properly, but you have not yet turned encryption on for any of the forms individual fields in the form editor yet. Encryption / Hiding needs to be turned on per individual field in the fields advanced tab. That is also where you would set individual or role based view permissions for the single field.
You can hover over the help icons by the field settings in the fields advanced tab to get more info on any of the settings in there.
My mistake. I didn’t realize I needed to turn on the encryption, field by field, in the advance tab. All is working as expected. Thanks much for responding!
Glad to be of assistance and thank you for the purchase.
Yes, it is a good idea to only turn encryption on for the fields that actually need to be encrypted. You can alternatively turn on “Hide Field Value” for any fields which do no really need to be encrypted, but would be good to be hidden from any other prying admin eyes.
Happy encrypting
Is there any chance you will make the plugin compatible with the function “review before submission” where people can review their entries before the form is submitted? I have tried various settings but none seem to work. The fields are (correctly) encrypted as soon as the button is clicked to advance to the next page of a multi-page form, on the review page the entries are therefore not visible.
There are no current plans to change when the encryption takes place. If you create a standard multi page form without the use of the “review before submission” plugin and encrypt fields on it you’ll see you can flip between pages and the data remains unencrypted until actual submission. We have not looked into the functionality of the plugin you are using but It seems that it may be altering the normal core functionality of how a multi page form normally works if the data is actually already being encrypted on page changes.
..Just as a hopefully helpfull note, there may be some ways to encourage data review without using that particular plugin. One of the things we have done in the past is to just use conditional logic to hide the submit/next page button until a user clicks a checkbox stating that they have reviewed the information entered for accuracy. This can be done per page.
Many thanks. Yes, it does indeed appear that the code we use for this is not playing nicely with the encryption at all. We already do what you suggested (ask for a tick in a box) and this works fine too.
I am having an issue. I’m trying to run a decrypt on my fields to upgrade, but it’s not decrypting them.
Ok we would be glad to help out with that.
First please be sure to read and follow full instructions for each option on encrypt/decrypt tool. Most common reason for that behavior is a missing option setting that is required.
To run basic batch form decryption you need to enter “decrypt” into the encrypt / decrypt option on top, and specify the form to decrypt. You also need to enter a number in the “max entries per run” option if you are not specifying certain entry numbers for that form. Otherwise it defaults to running 0 as a safety measure. You can just set it at 200 to run up to 200 entries per run. If you have more entries than that do the next run with the “start offset” option beginning at 200. ..next run would be at 400. ..etc.
You do the same thing to encrypt after updating but change the encrypt/decrypt setting to “encrypt”
Yea…..it “is” the small things isn’t it? SMH LOL Thanks for your help!
No problem, glad to be of assistance
Hey….sorry. One more thing. Why wouldn’t it save the website key?
It’s a specially separately generated key. It should regenerate the same key when you save unless you changed it from the unique auto one for some reason, but when you upgrade ,be sure to follow the readme file upgrade instructions. There’s one instruction in there that covers this issue.
Nothing was changed, I had saved the webkey from previous generations, but it gives me the “Website Key: NO “Save settings to generate key” This site promoted from a dev server, and when I upgraded the dev server, everything went fine. Everything else with the plugin works just fine, except saving the website key.
Hmm, I’m assuming youve saved the settings on the options page already? Even if you haven’t changed anything you need to save them to generate the key. If you’ve done that and it’s still not working It’s likely something to do with your write permissions to your server directory, but for a quick fix .. assuming you have the old copy of the plugin on the dev server still, and you can just copy the “includes” folder from there and overwrite the one on your live server with it. ..this folder should not be replaced on update to save the website key.
O.k. So that’s the issue. So the plugin needs to be able to write to the includes folder then?
Correct. If you’ve added any restrictive htaccess rules or other security based server changes they could be interfering with the auto generation. But once it’s hereafter it’s good to go as long as you don’t replace the folder.
Would it be ok to use an import entries plugin with the GF Encrypted Fields plugin? Here is the link to the plugin I am looking to use to import old entries https://gravityview.co/extensions/gravity-forms-entry-importer/
This is not something we’ve tested but others report using gravity view just fine. You would have to use the encryption tool to encrypt any old entries that do not have encryption if you want them to be encrypted.
Hi,
The plugin is encrypting great, but the general search is not working. When you click on entries in Gravity Forms, there is a search field in the top right and it is not working. Is it searching on the encrypted values? Any idea?
Check out the “Native search permission” option on the settings page. That will allow specified users to also retrieve encrypted values in their searches.
Without using that, standard searches will sometimes return encrypted values if the searching user has decrypted view permissions for that field data but standard searches are very unreliable do to the nature of encryption. Because if you search for “bob” and “bob” is encrypted as ”!?75457fhcb)(!!” ..there’s no “bob” to find.
Hope this helps resolve your search issues
Thanks for the quick reply. I tried entering a list of comma separated usernames (user1,user2,user3) but it didn’t work. Is there something I am missing? Do I need to put the role in there also?
The user name is all that’s needed. No spaces around commas. Please also note the directions on the usage of it ..specifically concerning not being able to search for partial values. That’s just not currently possible due to encryption. It’s recommended to just search for an entry based on a field with a simple input where you can search its exact value like a first name or email ( capitalization variants are looked for as well) ..make sure you save changes.
That worked, thanks.
Does this work with gravity view? so that only admins can see encrypted info?
..Well, unfortunately we can’t give a complete compatibility check and green light for gravity view, but we CAN say that users have reported it working just fine with their respective versions and usage of that plugin at this time.
Assuming basic compatibility , setting up an admin only view would be done through that plugin , and additionally you could/should narrow decrypted view permissions to the admin role or users only through our Gravity Forms Encrypted Fields plugin.
Hi,
I had the plugin working on a testsite. Now i have installed the plugin on the livesite. The entry on the email field is not encrypted in the table prefix_postmeta in de database.
Please advice…
Kind regards,
Wouter
Assuming all of the system and encryption test is good to go, please be sure that you have turned encryption on for the e-mail field in the form editor on that fields advanced tab.
Also note that previously existing field data is not encrypted by turning encryption on for a field. It will be hidden as restricted but is not actually encrypted since encryption takes place on entry submission and/or update. You must use the encrypt/decrypt form tool to specify the form and if you are just retro encrypting only certain fields .. the fields to encrypt and run encryption on all past entries for the form.
Please upgrade to the latest 3.1 version if you are not running it already as it has usability improvements to the form encryption tool if you need to use it, and read instructions for the tool before use.
I am looking at building a form that will collect CreditCard information for a reservation system. Currently, I am using a custom built HTML/JS form that sends an email with the CC info PGP/GPG encrypted which is then decrypted by the company that receives the reservation email.
Can your plugin provide the same level of public/private key encryption so that I can transmit CC information securely by email and have be able to be decrypted by the receiver?
Well, technically speaking this plugin isn’t designed or purposed to be used for encryption of data transmission but rather its purpose is mainly to protect data at rest. That said the type of encryption is different but is for all intensive purposes equal or ahead in terms of data protection when used properly.
..While this plugin can send data encrypted in emails, it does not encrypt the e-mail itself, and for your specific case you are speaking of collecting and transmitting data that needs to be PCI compliant (without the use of Gravity Forms own card processor gateways like Stripe, PayPal), and should consult the PCI Regulations and other authorities on what would be required of you in this scenario.
I’m trying to upgrade to the latest version from v 2.0. What is the decrypt tool? I know I need to decrypt everything, and I have copied by webkey, and have all p/w’s. Not sure where to go from here. Thanks in advance, Bryan
Hello Bryan,
The decrypt tool was added in the version immediately following 2.0. For now you should reinstall 2.0 if you haven’t already.
Please send us an email here
https://codecanyon.net/user/pluginowlso we can send you an intermediate version to upgrade to that has the decrypt tool. Using the intermediate version you can decrypt your form entries per instructions in the 3.1 readme file for upgrading, and then you can upgrade to 3.1. Please follow all instructions in the readme file to upgrade to the intermediate version, and also from that to 3.1
The client needs to show the site to an insurance provider and prove the forms are encrypted. how can an outsider see that the forms are encrypted? in case you need it, my purchase code is 09f4ef2d-2ad6-48be-9886-e58acf163183
Well, If it were myself I would log into the SQL database and show them the direct encrypted data.
On the wordpress end its not built to necessarily show the direct encrypted data within the admin interface, but you could always just deactivate the plugin for a second and view the entries page, or a single entry. You’ll see all the encrypted data there instead of the pretty restricted display. .. although the plugin would be down during that time if the site is live.
Perhaps the next version should have an option to simply pass the full encrypted data instead of the restricted displays. However, it wouldn’t be recommended to leave it on.
ok so i installed the plugin on a staging version of the same site (because i dont have access to the database of the live site). i made a submission on the form but in the database i’m not seeing the data as being encrypted. on the encryption settings once all the requirements are checked green, all forms should then be encrypted right? if there’s more i need to do please advise.
Please read the full instructions at the top on the settings options page to get started.
This plugin does not globally encrypt all data on all forms. You need to set the fields requiring encryption to be encrypted within the forms edit page using the fields advance tab. Once plugin setup is complete and encryption is turned on for a given form field, that forms submissions will have that fields data encrypted in the database.
aha!....i’m an idiot. lol thanks.
No worries. Glad to point you in the right direction!
We wanted to follow up and notify you that ver 3.2 which was just released has the option to enter “Encryption Verification Mode” now. Which when turned on reveals raw database values directly in the entries views without having to disable the plugin or access the database so you can see the encrypted strings directly there within the backend . Hopefully this is useful to you. Please refer to the options instructions before any use.
- Added Encryption Verification Mode Option to encryption test section of setting page to reveal raw encrypted data on entries pages for verification of encryption.
Can you Gravity forms plugin send results of user input to an email address encrypted?
Gravity Forms Encrypted Fields
Rob
Short answer , YES. There is a developers tool to send out the existing encrypted version of field data, or generate an encrypted version of field data through a custom merge tag. So even if the field data is not encrypted in the database it can still be sent out encrypted in the confirmation result or notification emails. (..It can also send out encrypted data as unencrypted and readable in notification e-mails)
However .. long answer. This is a DEVELOPERS TOOL, and we do not support or assist in however one is going to handle that data on the receiving end. A developer can dissect this plugin and fairly easily ascertain the proper way to decrypt the field data for a given installation using the unique private keys for that installation but we do not officially provide any support or documentation for that or other custom development based on this plugins encryption.
I have about 15 sites that are a family of financial loan sites. Do I have to purchase a license for each of the sites? Do you have a Developer’s tier?
Thank you.
Thank you for your interest.
Yes, each site requires its own license
As far as we are aware we unfortunately have no way of providing developer multi-use type licensing on the product though Envato, and we are an exclusive author here. The extended license allows developers to sell the end product but both available licenses are for single end product use.
Hi, I purchased this the other day and trying to work on setting it up correctly. I have a couple fields I want to encrypt and think I’ve figured it out correctly, but how do I test to see that it is working and encrypting those fields? Is there a way to see the encrypted data on those fields? And then how do I export the form to XLS and have it be unencrypted? Right now, they just show up blank.
I can email you my purchase code if needed.
Thanks, John
Thank you for the purchase John.
Lets get you up and running here.
It would appear that you yourself do not have access to the encrypted field data. You likely have the “Encrypted Field Restricted Display” and “Hide Field Value Restricted Display” on the options page left empty which means that users without access with be returned nothing/blank for encrypted and/or hidden field data. ..sometimes this is useful, but most likely you’ll want to put something in there so that users without access can tell if theres even any data there or not and wether its encrypted or just hidden. ..all they will see is whatever you type into that restricted display.. so something like “XXXXX” for encrypted data and “information hidden” for hidden data would let you easily distinguish between the two.
If you are the only admin who needs access to that field data, you can just enter “lockdown” in the User Lockout List on the options page. Then just put your username into the User Access List directly below that and save changes.
You should be able to see ALL encrypted and hidden field data in the entries lists and detail pages then aside from any user owned fields that you did not submit. ..this goes for export/reporting as well. if you have no access you cant export it, but you would see the restricted display instead. if you have access it will display as readable in your exports.
once you have something in the restricted displays, and the User lockout list set to “lockdown” you can be sure its working by just removing your name from the “User Access List”, and you’ll start seeing the restricted displays for any encrypted or hidden fields instead of nothing. the encryption test on the option page is also very reliable indicator.
If you really wanted to see the encryption in action and you can afford to do this in your working environment just disable the plugin for a second and view the entry data again. That would show you the full encryption strings for encrypted field data. ..or you could play with the developers tool “Encrypted Merge Tags” in the options page and put custom encrypted merge tags into the forms confirmations to see the full strings show up through merge tag output.
Hopefully this helps get you up and running
Thanks! It turned out I had an Encryption Password Override set. That was blocking things. Thanks for the extra help. much appreciated.
Perfect. Glad you were able to resolve the issue.
We have clarified the “Encryption Password Override” instructions for the next version to help prevent this issue, and also added the functionality to the encryption test to warn when it is on and using Open SSL. It currently only warned for Mcrypt.
Hey there,
I am experiencing all sorts of problems with your plugin, and these issues occurred in 2.9.3 and carry over to 3.0.
Searching encrypted fields does not work. For example, we did a search “any field contains” for the word Italy. We brought up 3 entries that had the term Italy. Yet the search only returned one of them. We were able to replicate this bug with almost any word we tried.
Second, despite having the Merge Tag Filter Bypass checked on, encrypted fields are still not being sent via email notifications. In the latest example, the form has just 3 fields: Name, email, and how can we help you? The name and email (both unencrypted) are sent fine. No other info (i.e. the message) is sent.
How can we get these bugs fixed ASAP?
Well, offhand these sound more like configuration issues.
Your second issue with the merge tag info is likely not a bug but working as designed. Do you have anything set to display for the encrypted restricted display? If not you should really put something in there like XXX or whatever so that you can tell whether something actually simply isn’t showing up or the user triggering the display or action just does not have access to that data. Only users with access to the encrypted or hidden data can send out unencrypted merge tag data by simply turning the merge tag filter off. If some random customer thats not logged in r has no admin access to that data fills out the form it will always send out the restricted display for the data they have no access to in merge tags.
If you are trying to send out the unencrypted data for fields through merge tags all the time the way to do this would be to turn the merge tag filter back on, and use the tool for that called {gfef_decrypt_FIELD ID}
Decrypted Merge Tagsinstructions are on that tool if thats what you are looking to do.
Ill get back on the first issue in one sec
..For the Native Search functionality, please first be sure that the usernames that you want to have this ability are listed as instructed in the
User/Role Encrypted Field Native Search Permission
option on the settings page.
This option needs to be locked down to admin control because otherwise unauthorized users can just search for specific strings and they would know that any entry returned that is encrypted for say a select or radio button where that is an option would have that encrypted data revealed since it was returned even though its not displayed as readable for them.
Also, we would like to make sure you know that the listed functionality of the Native Search is limited to “exact terms”. You cannot search for partial content of field data. so if a field contains “this field data is encrypted” , and you only search for “encrypted” .. it would not be returned in the search. you would have to search for “this field data is encrypted” and it would be returned. You can use the “contains” or the “is” to search for the data, but you have to search for the complete data as entered.
So finding partial strings in a paragraph or sentence or word that was entered is not an option.
The search however is useful for looking up an entry by ..say a first name, or a SSN or a check/order number , DOB, city, zip, or anything else that would be a single word entry where you can simply search for the exact word/data entered.
Note: ..currently the search is also case sensitive. So it really does have to be exact. In the next version we will likely add into the Native Search so that it simply automatically also tries finding the search term with the first letter capitalized of each word and all letters in caps and all letters in lower case as well for ease of use.
We’ve also just updated the language on the merge tag filter bypass option to clarify its purpose and point to the decrypted merge tag tool for the next version. It was a little unclear as to what it would do in the current verbiage.
So what you are saying is that in order to send email notifications that contain the encrypted form’s contents, I have to manually enter all the applicable field IDs into the Decrypted Merge Tags area in your settings?
That seems quite monotonous and I’m not sure it makes sense. Just because we want the entries encrypted in the database in the event of a hack does not mean email notifications should not work by default. When an email notification is sent, the contents are not stored in the database, so this does not compromise the encrypted data – so why make emails encrypted (i.e. not working) by default? Shouldn’t the user have to turn ON encryption in the Gravity notification emails rather than the other way around?
We suppose it’s a matter of opinion, but the security consensus is that if the data is private or sensitive in nature that it’s access should be controlled by default at ALL points past user entry.
That being said it is somewhat tedious to have to enter every single encrypted field for a form to output the entire thing decrypted if that’s the intention over only needing a couple encrypted fields to be readable in the output merge tag(s).
In light of this we will look at adding an “all-fields” decrypted merge tag that just decrypts all fields on a given form for output. If this is possible it should appear in the next version.
Hopefully this will help your use case.
Great, that was to be my suggestion. Having to enter just one {all-fields} tag would be fine.
Hey – after updating the plugin to the latest version, it lost the auto-generated key and is asking me to generate a new one. Do I need to have the old key to read my forms data or will generating a new key still keep working everything as it was?
Well, per upgrade instructions in the plugins readme file you should have backed up your installations website key and password as well as the plugin folder prior to upgrading. Also there are instructions there to not replace the file which would cause you to ave to regenerate the key. However, as long as you have not made changes to your Wordpress Installs security in its .config file, if you save changes on the settings options page it should autogenerate the exact same unique secure key for you and all will be well
Be sure to follow the upgrade instructions moving forward though because they may have important details such as version 3.0 (next release) has significant changes and requires you to use the encrypt/decrypt tool to decrypt previous entries before upgrading to use improved encryption methods and re-encrypting the previous entries. ..it only takes a minute or two in general but its an important step between ver 2.9.3 to 3.0
We use a tool that automatically updates plugins because it is much easier to do than individually. But I did notice the new key generated as the same as the original.
I will manually update to 3.0 to avoid any issues.
Excellent. Yes I would agree thats a much better way to do things in general
One of the reasons we recommend using the auto key is that is will generate the same every time, but is still completely unique to your specific site install, so its not weak in security by any means.
Any chance that list fields will be supported at some point?
That’s a good question. Originally they were presenting some issues with functionality, but the plan is to revisit them to attempt to suss it out when possible. So while it’s hopefully a possibility, it’s not a given on any current development roadmap.
Great. I have two more clients I want to buy licenses for but their most sensitive info is in lists so it can’t yet be encrypted with your plugin.
..Just a report for you that lists are not gong to make it into this next version. They are stored entirely differently and will require an entire major structural addition to the current codebase to become possible. 
We will continue to look at this into the future.
No worries. We can patiently wait until you find a solution. Great plugin otherwise.
We’re looking for a wordpress plugin that encrypts certain fields and it looks like yours does that. But does the encryption key work in a C sharp program that we’re sending the form mailers directly to?
Are you trying to send out the encrypted data to a custom program then decrypt on the other side? There’s currently no way to send out the actual encrypted string data in gravity forms merge tag output but we’ve been looking into it and trying to come up with a suitable solution. We believe we are close to it at this point but are not making any promises until a working solution is fully present. This plugin uses php based mcrypt encryption so whether or not custom decryption will work in your custom program in another language base one could not say but it would require more than just the keys since this plugin does more than use keys at face value during encryption.
What might be of interest to you is the plugins current ability to send out decrypted data in confirmations for fields that are encrypted in the database. ..if you send your mail via TLS/SSL and possibly encrypt the entire-e mail (there are plugins that do this) you should be relatively just as safe as when the data was first submitted over SSL to transfer data to your secondary program. the only caveat is servers mail records etc. if your not using TLS encryption to send the mail. But of course each transfer method has its own security concerns that we will leave up to you to determine the benefit vs potential risk factors
As of version 2.9.3 we’ve written in a developer feature that adds encrypted merge tag output , so you can send out encrypted field data strings in your confirmation emails now. Of course we do not support or assist in the building of decryption on the other side, but a developer could pretty easily look at the plugin source code and assimilate a simplified decryption on the receiving end of the notification emails after parsing the e-mail and pulling the strings out.
So basically it now has the ability that your looking for and what you want to do is very possible, but you are on your own to build a system that pulls the encrypted data out of the e-mails and decrypts it properly.
hope this helps you and anyone else looking to do something similar
- Added Encrypted Merge Tags {gfef_encrypt_FIELD ID} for develpers to output an encrypted version of any field data in notifications and confirmations to be decrypted elsewhere by data or email recipient. Data that is unencrypted will still have an encrypted version output by this merge tag.
Hello,
Just installed this – all the system checks are good. I followed the instructions but encountered some weird stuff – and upon testing, the plugin is not working….
I generated a key, entered a password…all the basics are done.
At the bottom under the settings area, the form field where you’re supposed to enter “encrypt” or “decrypt” contains the following:
<?php/* if (is_admin() && current_user_can(‘edit_users’)){echo esc_html__(get_option(‘gfe_encrypt_decrypt’));} */?>
I deleted it and entered encrypt as instructed, entered the form id to be encrypted, entered 0 for “MAX ENTRIES PER RUN” and Saved settings. The status report at the top provides no info. It just says: ENCRYPTION REPORT[green padlock] : Form ID: 2
No info on how it actually went, if it’s working, etc.
I then submitted a form, and then looked at it in PHPMyAdmin. All fields are stored in plain text. What am I doing wrong?
as far as encrypting previous form entries, if you have entered “0” for max entries per run , then 0 entries will be processed. You need to enter a number between 1-200 to process the given amount of entries for the specified form.
As far as the form submission field data being stored as plain text, have you turned on encryption for any fields on the form? Please refer to the “Full Instructions” -> “SETUP” section at the top of the settings page to make sure you have turned encryption on for any fields. This would be done per field while editing the form in the each fields advanced tab under “Encryption”.
OK gotcha. The instructions are very long so I tried to skim to find what I needed rather than spend quite a while reading everything. But I get it now. I can confirm everything is encrypted and it’s working….
However, one feature I thought would be possible is being able to search forms to find a submission by name, etc. It doesn’t seem like you can search any encrypted fields, is this correct? So search function does not work?
Excellent! Im glad you are up and running
Limited search functionality works in all of our testing. It generally returns most or many of the entries with the given field search data but can be returning differentiating partial results. We are looking into how to improve this, but currently we recommend using non encrypted fields or other criteria such as date range to find specific entries.
..item details list "some search and order functionality is retained" . I have now changed this description to be more specific as to the exact expected behavior.OK. Bummer. In our implementation, we really need to encrypt the customer’s name. But we also need to be able to search submitted forms by customer name to bring up the record. We are using the standard name field. But searching for names does not work once encrypted – it brings up no results.
hmm, It might be of use to associate the names with a secondary field or data such as entry ID. If you supply the customer with the given entry ID via notification and confirmation or other generic token that is unencrypted you can always look it up by that.
..Also try using the “contains” search rather than the “is” search criteria.
..and try using the “any form field” rather than “name” specifically.
In all of our extensive testing we can generally return the desired entries while searching based on encrypted field data, but it is not considered reliable ..be sure that the user running the search has view permissions to the field you are searching. You cant search it if you don’t have view access.
Ill push this forward to be looked into for any chance of improvement sooner than later.
I did try “contains” and “any form field” which is the default but no luck. I am the user that installed it so I have to imagine I have full permissions as I’m able to set everything and view entries by browsing. Just the search doesn’t bring any results. Looking forward to continued improvement!
OK Ive looked over the Gravity forms search functions again and there really isn’t any visible solid or viable way to insert pure search right now without hacking GF core. In light of this current situation, we added a new feature to the settings page in the encryption check section which let you see the encrypted strings for custom input. You can enter what you want to search for and save ..then just copy the encrypted string and search with it on the forms entries page for reliable GF core search functionality. This could be possibly moved to the entries page itself in the future to make it more user friendly, but for now given that it reveals encryption strings allowing for pattern based decryption we’ve left it in the settings page. It’s not completely ideal yet, but for now it allows reliable search when you need it.
Version 2.9.1 * Added “Search Data” option to setting screen to allow for searching entry field data based on stored encrypted strings. ..This allows for stable search of encryoted fields.
..this version should be submitted later today for approval togo live.
Thanks for the effort….the search needs to be very easy, it’s for my client and they would not go through the trouble of copying encryption strings. It’s too much work. For now we have left the name field unencrypted because that seems to be the only way to search by name.
I agree about the search needing to be much easier. Although we’ve released the temporary solution we believe we have determined a way to possibly integrate it much better in a near future version. Once we’ve thoroughly reviewed and tested , if it is viable you should see it before too long. If not we would like to at least make the temporary process less cumbersome
OK, Im happy to report that the next version will include a reliable naitive search of encrypted field data. No extra steps needed. just type in what your looking for and gravity forms regular search will look just like it always does, only with the standard reliability of its search. This functionality is handed out to users or roles in the settings screen because without that unauthorized users could potentially find out what data is based on search criteria and results.
We are looking into other functionality suggestions and possibilities for this version before release as well, but it should be out pretty soon.
WOW. Nice job. Now all we need is encryptable list fields and it’s perfect!
Hopefully looking into those for this version as well. We’ll see if they are ready to play nice.
..Just a report for you that lists are not gong to make it into this next version. They are stored entirely differently and will require an entire major structural addition to the current codebase to become possible.
I am trying to display encrypted values in using the confirmation redirect to send encrypted strings to our ordering system. I cannot seem to get it to work. Any help would be appreciated.
Ok We’ll need a little clarification on what you’re doing. Are you trying to use the “decrypted merge tags” feature to have fields that are encrypted output their normal readable values in merge tag output for a confirmation?
Hi, I am using the gravity forms to allow the user to enter information in fields – just like normal, pretty standard actually. What complicates things is that we are sending the data entered in the fields into our system using a redirect for the confirmation. The redirect is appending data to the URL using “Pass Field Data Via Query String”. The data that is passed in the URL needs to be the encrypted version. I cant seem to get it to work at all. When I enable the encryption, the value is passed to the URL as blank. Weird thing is, when I look at the entries, in Gravity Forms, they are not encrypted. All settings in the plugin are Green and reported as OK or passed. So, just not sure if this plugin is capable of doing what i need or not.
..Well let’s take a look at what could be happening here.
1 the data your looking at in entries is likely not showing up as encrypted scrambly looking because you have permission to view it. there currently is no option to view the direct scrambled data like on the settings page, because it wouldn’t serve any clear purpose and eats up screen space for displays. You either get the human readable decrypted data, a masked version of it, or a restricted display. but ..if you put your user name into the user lockout list and then try viewing an entry it will give you the restricted display for either hidden or encrypted data. if that restricted display setting is empty, it will show nothing.
2 the data passed via query string is likely blank because you don’t have anything entered into the encrypted restricted display, and the merge tag filter is on by default. .. the query string data is actually pulled using the merge tag generation .. which is odd, but that’s how they are generated. if you put something into the encrypted restricted display it will likely then get passed to your query string variables because the merge tag filter replaces any encrypted /hidden fields with their respective restricted displays.
3 clarification is needed: are you looking to actually pass the actual scrambled encrypted data into your system via the query string? .. this would look like the encrypted data in the encryption test on the settings page. ..and how would you unencrypt it in your other system? One would think it would be useless without a decryption method on the other side. .. or do you want the UNencrypted and human readable output of the same field to be passed to the query string while the data in your WP database remains encrypted?
Hi again…
Thanks for your quick responses. A++ for support! To answer question 3, yes, I am looking to pass the scrambled, or encrypted values in the URL. We have a web programmer who is hoping to use the key string to unscramble the strings values. Our thinking is that, submitting unscrambled strings in a URL is unsafe. our page and website is behind an SSL and is accessed on an HTTP, maybe this is good enough? Not sure. This is why we were hoping to have the scrambled strings passed to the URL. Maybe this is not common practice?
Hmmm. Well, unfortunately there’s really no way to pass the actual full encrypted string data to the merge tag output currently.
-here’s an good article on the relative security of query strings in https pages: https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/As far as decrypting on the other end It’s not something well be able to support for you as its outside the scope of this plugins functions entirely, but there’s certainly a couple ways I can think of that we could have the merge tag output be the full encryption string for passing the data via query string like that. I’m not sure its really a feature people would use though to develop it mainline.
..after reviewing the functionality for direct merge tag output (used in query strings) it looks like to implement the feature we would have to apply the output to the main data view. the query strings are generated after the data is initially pulled from the DB. So if we added an option to display full encryption string in query strings it would have to also show full encrypted string for all other displays.
..we’ll do a little more digging to see if we can pull the variable we need inside the proper function to make it possible to only target query strings. ..if it can be done we’ll try to get it in the next version. I believe it was already looked into for other functionality though so it doesn’t look too good at this point. I will update when I have a solid answer on this.
Well, while direct query string output of encrypted values isn’t currently possible we did just add the feature to output encrypted field strings through the confirmations and notification emails. Its a developer option that you may be able to use to send data encrypted to your receiving application for decryption. Of course, developing that application is all your own.
Ver 2.9.3 (see items changelog under item details) Added Encrypted Merge Tags {gfef_encrypt_FIELD ID} for develpers to output an encrypted version of any field data in notifications and confirmations to be decrypted elsewhere by data or email recipient. Data that is unencrypted will still have an encrypted version output by this merge tag.
