Download encryption keys from ODK central

Hello,

We are using ODK Collect on Android devices connected to an ODK Central server to do surveys. I was hoping to find a way to download forms directly from the Android device, using ODK Briefcase, in order to debug or fix some issues with a form. That seems to be working, but in order to decrypt the forms I need the key, which is currently managed by ODK Central.

Is there any way to download a project-managed encryption key from ODK Central?

ODK Central is running on a server I have access to, so if I can get they key that way that would be fine.

I have given some effort at finding this on the server and made some progress, but am not sure how to advance. I connected to the postgres DB on the server, the read the contents of the "keys" table, and found the entry for the relevant project. The "private" field has what looks like JSON data with the following structure:

{
	"iv":"...",
	"salt":"...",
	"pubkey":"...",
	"privkey":"..."
}

I know that the encryption also has a passphrase, which I assume would have to be combined with the private key here. However the process to do this to get a decryption key to use with ODK Briefcase (or OpenSSL) seems more than I know how to do.

If someone can help with this it would be great as it would allow me to get the encrypted forms on the Android device to try to see if there is a way to recover data.

The reason I need this is somewhat complicated to explain. Some of the data in the completed and uploaded form seems to be corrupted for some reason, and I'm still trying to work out how and why. (For one thing, when I try to download the submission data from ODK Central with media, Windows says the zip file is invalid.) What I'm hoping is to get the xml file and media associated with the filled-in form.

How much data do you have? Are you sure the zip file is fully downloaded? "zip file is invalid" usually means that downloading had been abruptly stopped

Hi Sadiq,
The data is about 26 entries of a CSV file and about 49 images, all associated with a single form instance with some repeat fields. When I download the data without media, I am able to open it, but when I download it with media, every time I've tried the zip file seems not to be readable.

I've also downloaded the data using the R package ruODK, via the API, and the downloaded zip file is similarly not readable.

I am under the impression from the data (and things the data collectors said) that a bug came up, maybe in ODK Collect, maybe having something to do with an off-by-one error in a form with repeat groups, after they tried to delete an item in the repeat group. I still need to try to create a reproducible example of this.

Thanks,
Matthew

This issue sounds like it's related to downloading media files. We have some troubleshooting suggestions that you can try here: https://docs.getodk.org/central-troubleshooting/#export-produces-corrupt-zip

Hopefully the suggestions above allow you to download the media files. Central doesn't currently provide a way to download a decrypted submission XML file or a project's private encryption key. Is there something that you expect to see in the XML file that wouldn't be visible in the CSV file?

2 Likes

Agreed with @Matthew_White that the best approach is to get download working. What version of Central are you running?