You can now use our decryption page to easily decrypt downloads.
If a form has encrypted fields the download will contain the values of these fields in an encrypted format. An example of a CSV file where the date of birth has been encrypted is shown below.
To decrypt this data you will need the password (from Sealed Envelope support) and a decryption tool such as OpenSSL that can decrypt AES-256. You will also need to extract the encrypted field column into a new file so that the only data on each line is the contents of the encrypted field. You can do this by, for instance, copying and pasting the encrypted column into a text file:
U2FsdGVkX18BH/rs5o6X635KFSi26/5epe+hdfD0gH8=
U2FsdGVkX1+rbukCo7HxKWb/Vdv/1uLJDaQY4RW4lCM=
U2FsdGVkX1+vKpmwQVOrDDDViSSQFMHJ+wOAkJB4PEg=
U2FsdGVkX1/NChFlM5hl297WVjM7nrhqHOXdUwlA4nE=
U2FsdGVkX18DYFOIOvZsuJHraQMzDzyoWbrTpT8rcO0=
Encrypted column pasted into file dob-encrypted.txt
Once you have obtained the decrypted data you will probably want to paste it into a new column in the CSV file to allow it to be associated again with the other subject data.
On Windows, we recommend installing OpenSSL for Windows. It’s easiest to create a new folder and copy the openssl.exe
file from the download into this new folder. Next create a batch file by copying and pasting the following code into a text document using Notepad or similar and save it as se-decrypt.cmd
in the same directory as the openssl.exe
file. Alternatively download a copy.
@echo off
REM Sealed Envelope batch file to decrypt data using openSSL AES 256
REM Input file is assumed to contain one encrypted item per line
set filepath=%~f1
if not exist "%filepath%" (
echo %~n0: file not found - %filepath% >&2
exit /B 1
)
set /P passwd="Password: "
echo Decryption of %filepath% at %DATE% > decrypted.txt
for /F "tokens=*" %%i in (%filepath%) do @echo %%i | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:%passwd% >> decrypted.txt
se-decrypt.cmd
You must run the batch file from the Command Prompt - you should find this somewhere in your Start menu. You need to use the cd
command to move into the folder that contains the openssl.exe
file and your encrypted data file. You can use the dir
command to see the contents of the current folder. Once you are in the correct folder type the command:
se-decrypt.cmd dob-encrypted.txt
where dob-encrypted.txt
is the name of the file containing the encrypted data. Running this command will ask for the password and create (or overwrite) the file decrypted.txt
. Screenshots for doing this are shown below.
On macOS you can use the built in OpenSSL or install it using Homebrew. You will need to open the Terminal to type the relevant commands. In the example below the encrypted data is assumed to be in a file called dob-encrypted.txt on the Desktop. A decrypted file is created called dob-decrypted.txt using the password super-secret. Obviously you should change these parts to reflect your file names and password.
$ cd Desktop
$ cat dob-encrypted.txt
U2FsdGVkX18BH/rs5o6X635KFSi26/5epe+hdfD0gH8=
U2FsdGVkX1+rbukCo7HxKWb/Vdv/1uLJDaQY4RW4lCM=
U2FsdGVkX1+vKpmwQVOrDDDViSSQFMHJ+wOAkJB4PEg=
U2FsdGVkX1/NChFlM5hl297WVjM7nrhqHOXdUwlA4nE=
U2FsdGVkX18DYFOIOvZsuJHraQMzDzyoWbrTpT8rcO0=
$ while read in; do echo "$in" | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:super-secret; done < dob-encrypted.txt > dob-decrypted.txt
$ cat dob-decrypted.txt
04/08/1997
11/08/1920
19/02/1987
10/10/1980
10/10/1980
$
The cd
command is used to move to the folder where the encrypted file is held. You can use the list command ls
to view files in the current folder. The cat
command shows the contents of a file. The decryption is carried out with the command:
while read in; do echo "$in" | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:super-secret; done < dob-encrypted.txt > dob-decrypted.txt
which you should adapt to use your own password and file names.