[ODK Community] Decryption support in Briefcase

Hey, Chris, thanks for getting back to me on this issue.

I followed the steps you suggested, save for step 1: about the server, apparently I am not using any server, I am trying to use BriefCase to get data off of my sd card from odk collect.
I specified the submission_url column because at the time it appeared to be a prerequisite for encryption to work - please let me know if this sis not the case.

Presently the error still persists, I think I carefully followed the steps to create the private and public key .pem files unless otherwise. Would be glad to learn from your procedures to achieve this in case I have some steps totally wrong.

Plus I checked the to make sure 'submission_url' column is spelt right this time.

Thanks again.
Regards.
Ezra.

··· Sent from my Nokia phone -----Original Message----- From: Christopher Robert Sent: 05/07/2013, 10:56 To: opendatakit@googlegroups.com Subject: Re: [ODK Community] Decryption support in Briefcase

Ezra,

You might receive that error if anything changed between encryption time
and decryption time. So, for example, we've seen it when the submission URL
changed slightly, but there was still some old form data that had been
encrypted with the older submission URL. Likewise, if you changed the key
that you were using, but still had some old form data, you would run into
trouble.

I would suggest the following:

  1. Delete the form completely from the server.

  2. Delete the blank form from your device, as well as any filled-out forms.

  3. Locate your Briefcase storage directory, and, within its "forms"
    subdirectory, fully delete the subdirectory for your form.

  4. Update your form definition to have an "https://" at the beginning of
    your submission URL. Confirm also that the column header is
    "submission_url" (not "submissions_url").

  5. Upload your form anew and try everything again. With any luck, it will
    work just fine.

(If you want to skip steps 1-3, you can also just change your form's formid
and title, and that should avoid any issues with old data from earlier
attempts.)

Best,

Chris

On Tue, May 7, 2013 at 8:15 AM, Rwakazooba Ezra Aliija <rwakazooba@gmail.com wrote:

Hello Chris, Allyson and Waylon,

this has been the closes thread similar to the issue I am facing right now
to decrypt a finalized form in odk brief case, for the record, I have JCE 6
installed in the right jre location.

Also in my xls worksheet, my submissions_url reads" "
m16ezra.appspot.com/submission" with the respective public_key column
filled with the public key.

I created a public and primary key with openSSL as described
http://opendatakit.org/help/encrypted-forms/ however I get the following
error when I use the private key created to decrypt the form:

"cause org.opendatakit.breifcase.model.CryptoException: error decrypting
base64encryptedKey cause: javax.crypto.BadPaddingException:data hash wrong
Failed! "

Any ideas what this means and how I could possible solve this.

Thanks.
Regards.
Ezra

On Wednesday, August 22, 2012 8:14:13 PM UTC+3, Allyson Barnett wrote:

Thanks for your response. We are pulling data directly from devices so
that is what happened I think. I filed issue #670
http://code.google.com/p/**opendatakit/issues/detail?id=**670http://code.google.com/p/opendatakit/issues/detail?id=670

On Sunday, August 19, 2012 7:05:35 PM UTC, Waylon Brunette wrote:

Also if you haven't already file an issue on our website about

changing the level of encryption. The problem is that we don't want to

make it easy enough for someone to break. However you bring up good

points so file an issue so that ODK core team discusses how we might

address this.

Waylon

On Sun, Aug 5, 2012 at 11:29 PM, Christopher Robert chrisl...@gmail.com wrote:

ODKers,

In order for field staff to be able to download and decrypt data using

Briefcase, they typically have to first install the Java Cryptography

Extension (JCE) Unlimited Strength Jurisdiction Policy Files in order
to

upgrade their JREs to support the key size used by ODK. If they
don't, they

are treated to an "illegal key size" exception upon attempting
decryption.

This has been a support headache and I am trying to devise a
longer-term

strategy that works around this problem.

One option would be to build a custom Briefcase installer that
installs the

necessary JCE files. However, my understanding is that this installer
would

be subject to U.S. export restrictions. Thus, I am unsure of the
legality of

broadly distributing such an installer.

Another option would be to default ODK encryption to 128-bit and
allow an

option for stronger encryption. Perhaps some kind of option along
these

lines already exists? Ideally, you would be able to use stronger
encryption

in those contexts for which it is legal, and weaker in others.

Does anybody have any thoughts on this? One way or another I'd like
to make

the process of deploying encrypted forms easier, and this JRE/JCE
issue is a

real hang-up. I can't imagine that I'm alone here.

Thanks,

Chris

--

Post: opend...@googlegroups.com

Unsubscribe: opendatakit...@**googlegroups.com

Options: http://groups.google.com/**group/opendatakit?hl=enhttp://groups.google.com/group/opendatakit?hl=en

--
--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to a topic in the Google Groups "ODK Community" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/opendatakit/-_i-Go4zIsw/unsubscribe?hl=en.
To unsubscribe from this group and all its topics, send an email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Ezra,

As long as you totally cleared both form definitions and data off of both
your device and your Briefcase local storage, it seems like
freshly-encrypted data should have decrypted okay. You might just compare
the form definitions (the .xml files) that are currently on your device and
in your location storage, to confirm that they are identical. If so, I am a
bit perplexed.

Has anybody else used the encryption/decryption without sending data
through a server? Maybe there's something else that needs to be done
differently.

Best,

Chris

··· On Wed, May 8, 2013 at 7:25 AM, Ezra wrote:

Hey, Chris, thanks for getting back to me on this issue.

I followed the steps you suggested, save for step 1: about the server,
apparently I am not using any server, I am trying to use BriefCase to get
data off of my sd card from odk collect.
I specified the submission_url column because at the time it appeared to
be a prerequisite for encryption to work - please let me know if this sis
not the case.

Presently the error still persists, I think I carefully followed the steps
to create the private and public key .pem files unless otherwise. Would be
glad to learn from your procedures to achieve this in case I have some
steps totally wrong.

Plus I checked the to make sure 'submission_url' column is spelt right
this time.

Thanks again.
Regards.
Ezra.
Sent from my Nokia phone
-----Original Message-----
From: Christopher Robert
Sent: 05/07/2013, 10:56
To: opendatakit@googlegroups.com
Subject: Re: [ODK Community] Decryption support in Briefcase

Ezra,

You might receive that error if anything changed between encryption time
and decryption time. So, for example, we've seen it when the submission URL
changed slightly, but there was still some old form data that had been
encrypted with the older submission URL. Likewise, if you changed the key
that you were using, but still had some old form data, you would run into
trouble.

I would suggest the following:

  1. Delete the form completely from the server.

  2. Delete the blank form from your device, as well as any filled-out forms.

  3. Locate your Briefcase storage directory, and, within its "forms"
    subdirectory, fully delete the subdirectory for your form.

  4. Update your form definition to have an "https://" at the beginning of
    your submission URL. Confirm also that the column header is
    "submission_url" (not "submissions_url").

  5. Upload your form anew and try everything again. With any luck, it will
    work just fine.

(If you want to skip steps 1-3, you can also just change your form's formid
and title, and that should avoid any issues with old data from earlier
attempts.)

Best,

Chris

On Tue, May 7, 2013 at 8:15 AM, Rwakazooba Ezra Aliija < rwakazooba@gmail.com wrote:

Hello Chris, Allyson and Waylon,

this has been the closes thread similar to the issue I am facing right
now
to decrypt a finalized form in odk brief case, for the record, I have
JCE 6
installed in the right jre location.

Also in my xls worksheet, my submissions_url reads" "
m16ezra.appspot.com/submission" with the respective public_key column
filled with the public key.

I created a public and primary key with openSSL as described
http://opendatakit.org/help/encrypted-forms/ however I get the following
error when I use the private key created to decrypt the form:

"cause org.opendatakit.breifcase.model.CryptoException: error decrypting
base64encryptedKey cause: javax.crypto.BadPaddingException:data hash
wrong
Failed! "

Any ideas what this means and how I could possible solve this.

Thanks.
Regards.
Ezra

On Wednesday, August 22, 2012 8:14:13 PM UTC+3, Allyson Barnett wrote:

Thanks for your response. We are pulling data directly from devices so
that is what happened I think. I filed issue #670
http://code.google.com/p/**opendatakit/issues/detail?id=**670<
http://code.google.com/p/opendatakit/issues/detail?id=670>

On Sunday, August 19, 2012 7:05:35 PM UTC, Waylon Brunette wrote:

Also if you haven't already file an issue on our website about

changing the level of encryption. The problem is that we don't want to

make it easy enough for someone to break. However you bring up good

points so file an issue so that ODK core team discusses how we might

address this.

Waylon

On Sun, Aug 5, 2012 at 11:29 PM, Christopher Robert chrisl...@gmail.com wrote:

ODKers,

In order for field staff to be able to download and decrypt data
using

Briefcase, they typically have to first install the Java
Cryptography

Extension (JCE) Unlimited Strength Jurisdiction Policy Files in
order

to

upgrade their JREs to support the key size used by ODK. If they
don't, they

are treated to an "illegal key size" exception upon attempting
decryption.

This has been a support headache and I am trying to devise a
longer-term

strategy that works around this problem.

One option would be to build a custom Briefcase installer that
installs the

necessary JCE files. However, my understanding is that this
installer

would

be subject to U.S. export restrictions. Thus, I am unsure of the
legality of

broadly distributing such an installer.

Another option would be to default ODK encryption to 128-bit and
allow an

option for stronger encryption. Perhaps some kind of option along
these

lines already exists? Ideally, you would be able to use stronger
encryption

in those contexts for which it is legal, and weaker in others.

Does anybody have any thoughts on this? One way or another I'd like
to make

the process of deploying encrypted forms easier, and this JRE/JCE
issue is a

real hang-up. I can't imagine that I'm alone here.

Thanks,

Chris

--

Post: opend...@googlegroups.com

Unsubscribe: opendatakit...@**googlegroups.com

Options: http://groups.google.com/**group/opendatakit?hl=en<
http://groups.google.com/group/opendatakit?hl=en>

--
--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to a topic in the
Google Groups "ODK Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/opendatakit/-_i-Go4zIsw/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Chris, Thanks a lot, It worked now after your direction and guidance on
doing encryption and decryption over a server.

I was able to do a download a form from my appspot aggregate server and
then resubmit it back and later export it with briefcase and the whole
encryption decryption process worked fine.

There was an issue later, upon filling out the form, for some reason I
kept getting

"Error-Invalid status code on Head request.If you have a web proxy,you may
need to login to your network" when I tried to submit the already finalized
form.

it however submits other forms, could you know the cause of this and if
so, any remedies or guidance would be highly appreciated.

Thanks a lot Chris.
Ezra.

··· On Wed, May 8, 2013 at 8:31 AM, Christopher Robert wrote:

Hi Ezra,

As long as you totally cleared both form definitions and data off of both
your device and your Briefcase local storage, it seems like
freshly-encrypted data should have decrypted okay. You might just compare
the form definitions (the .xml files) that are currently on your device and
in your location storage, to confirm that they are identical. If so, I am a
bit perplexed.

Has anybody else used the encryption/decryption without sending data
through a server? Maybe there's something else that needs to be done
differently.

Best,

Chris

On Wed, May 8, 2013 at 7:25 AM, Ezra rwakazooba@gmail.com wrote:

Hey, Chris, thanks for getting back to me on this issue.

I followed the steps you suggested, save for step 1: about the server,
apparently I am not using any server, I am trying to use BriefCase to get
data off of my sd card from odk collect.
I specified the submission_url column because at the time it appeared to
be a prerequisite for encryption to work - please let me know if this sis
not the case.

Presently the error still persists, I think I carefully followed the
steps to create the private and public key .pem files unless otherwise.
Would be glad to learn from your procedures to achieve this in case I have
some steps totally wrong.

Plus I checked the to make sure 'submission_url' column is spelt right
this time.

Thanks again.
Regards.
Ezra.
Sent from my Nokia phone
-----Original Message-----
From: Christopher Robert
Sent: 05/07/2013, 10:56
To: opendatakit@googlegroups.com
Subject: Re: [ODK Community] Decryption support in Briefcase

Ezra,

You might receive that error if anything changed between encryption time
and decryption time. So, for example, we've seen it when the submission
URL
changed slightly, but there was still some old form data that had been
encrypted with the older submission URL. Likewise, if you changed the key
that you were using, but still had some old form data, you would run into
trouble.

I would suggest the following:

  1. Delete the form completely from the server.

  2. Delete the blank form from your device, as well as any filled-out
    forms.

  3. Locate your Briefcase storage directory, and, within its "forms"
    subdirectory, fully delete the subdirectory for your form.

  4. Update your form definition to have an "https://" at the beginning of
    your submission URL. Confirm also that the column header is
    "submission_url" (not "submissions_url").

  5. Upload your form anew and try everything again. With any luck, it will
    work just fine.

(If you want to skip steps 1-3, you can also just change your form's
formid
and title, and that should avoid any issues with old data from earlier
attempts.)

Best,

Chris

On Tue, May 7, 2013 at 8:15 AM, Rwakazooba Ezra Aliija < rwakazooba@gmail.com wrote:

Hello Chris, Allyson and Waylon,

this has been the closes thread similar to the issue I am facing right
now
to decrypt a finalized form in odk brief case, for the record, I have
JCE 6
installed in the right jre location.

Also in my xls worksheet, my submissions_url reads" "
m16ezra.appspot.com/submission" with the respective public_key column
filled with the public key.

I created a public and primary key with openSSL as described
http://opendatakit.org/help/encrypted-forms/ however I get the
following
error when I use the private key created to decrypt the form:

"cause org.opendatakit.breifcase.model.CryptoException: error decrypting
base64encryptedKey cause: javax.crypto.BadPaddingException:data hash
wrong
Failed! "

Any ideas what this means and how I could possible solve this.

Thanks.
Regards.
Ezra

On Wednesday, August 22, 2012 8:14:13 PM UTC+3, Allyson Barnett wrote:

Thanks for your response. We are pulling data directly from devices so
that is what happened I think. I filed issue #670
http://code.google.com/p/**opendatakit/issues/detail?id=**670<
http://code.google.com/p/opendatakit/issues/detail?id=670>

On Sunday, August 19, 2012 7:05:35 PM UTC, Waylon Brunette wrote:

Also if you haven't already file an issue on our website about

changing the level of encryption. The problem is that we don't want
to

make it easy enough for someone to break. However you bring up good

points so file an issue so that ODK core team discusses how we might

address this.

Waylon

On Sun, Aug 5, 2012 at 11:29 PM, Christopher Robert chrisl...@gmail.com wrote:

ODKers,

In order for field staff to be able to download and decrypt data
using

Briefcase, they typically have to first install the Java
Cryptography

Extension (JCE) Unlimited Strength Jurisdiction Policy Files in
order

to

upgrade their JREs to support the key size used by ODK. If they
don't, they

are treated to an "illegal key size" exception upon attempting
decryption.

This has been a support headache and I am trying to devise a
longer-term

strategy that works around this problem.

One option would be to build a custom Briefcase installer that
installs the

necessary JCE files. However, my understanding is that this
installer

would

be subject to U.S. export restrictions. Thus, I am unsure of the
legality of

broadly distributing such an installer.

Another option would be to default ODK encryption to 128-bit and
allow an

option for stronger encryption. Perhaps some kind of option along
these

lines already exists? Ideally, you would be able to use stronger
encryption

in those contexts for which it is legal, and weaker in others.

Does anybody have any thoughts on this? One way or another I'd like
to make

the process of deploying encrypted forms easier, and this JRE/JCE
issue is a

real hang-up. I can't imagine that I'm alone here.

Thanks,

Chris

--

Post: opend...@googlegroups.com

Unsubscribe: opendatakit...@**googlegroups.com

Options: http://groups.google.com/**group/opendatakit?hl=en<
http://groups.google.com/group/opendatakit?hl=en>

--
--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to a topic in the
Google Groups "ODK Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/opendatakit/-_i-Go4zIsw/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to a topic in the
Google Groups "ODK Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/opendatakit/-_i-Go4zIsw/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Ezra,

I am not sure about this error. Googling for something similar, I came
across this:

https://groups.google.com/forum/?fromgroups=#!msg/opendatakit/hoXpfb_esg4/lNxaqcdzmsEJ

Therefore, it might be something to do with your form definition. Maybe
somebody else has a better or more specific idea, though.

Chris

··· On Fri, May 10, 2013 at 4:44 PM, Rwakazooba Ezra Aliija < rwakazooba@gmail.com> wrote:

Chris, Thanks a lot, It worked now after your direction and guidance on
doing encryption and decryption over a server.

I was able to do a download a form from my appspot aggregate server and
then resubmit it back and later export it with briefcase and the whole
encryption decryption process worked fine.

There was an issue later, upon filling out the form, for some reason I
kept getting

"Error-Invalid status code on Head request.If you have a web proxy,you may
need to login to your network" when I tried to submit the already finalized
form.

it however submits other forms, could you know the cause of this and if
so, any remedies or guidance would be highly appreciated.

Thanks a lot Chris.
Ezra.

On Wed, May 8, 2013 at 8:31 AM, Christopher Robert crobert@surveycto.comwrote:

Hi Ezra,

As long as you totally cleared both form definitions and data off of both
your device and your Briefcase local storage, it seems like
freshly-encrypted data should have decrypted okay. You might just compare
the form definitions (the .xml files) that are currently on your device and
in your location storage, to confirm that they are identical. If so, I am a
bit perplexed.

Has anybody else used the encryption/decryption without sending data
through a server? Maybe there's something else that needs to be done
differently.

Best,

Chris

On Wed, May 8, 2013 at 7:25 AM, Ezra rwakazooba@gmail.com wrote:

Hey, Chris, thanks for getting back to me on this issue.

I followed the steps you suggested, save for step 1: about the server,
apparently I am not using any server, I am trying to use BriefCase to get
data off of my sd card from odk collect.
I specified the submission_url column because at the time it appeared to
be a prerequisite for encryption to work - please let me know if this sis
not the case.

Presently the error still persists, I think I carefully followed the
steps to create the private and public key .pem files unless otherwise.
Would be glad to learn from your procedures to achieve this in case I have
some steps totally wrong.

Plus I checked the to make sure 'submission_url' column is spelt right
this time.

Thanks again.
Regards.
Ezra.
Sent from my Nokia phone
-----Original Message-----
From: Christopher Robert
Sent: 05/07/2013, 10:56
To: opendatakit@googlegroups.com
Subject: Re: [ODK Community] Decryption support in Briefcase

Ezra,

You might receive that error if anything changed between encryption time
and decryption time. So, for example, we've seen it when the submission
URL
changed slightly, but there was still some old form data that had been
encrypted with the older submission URL. Likewise, if you changed the key
that you were using, but still had some old form data, you would run into
trouble.

I would suggest the following:

  1. Delete the form completely from the server.

  2. Delete the blank form from your device, as well as any filled-out
    forms.

  3. Locate your Briefcase storage directory, and, within its "forms"
    subdirectory, fully delete the subdirectory for your form.

  4. Update your form definition to have an "https://" at the beginning of
    your submission URL. Confirm also that the column header is
    "submission_url" (not "submissions_url").

  5. Upload your form anew and try everything again. With any luck, it will
    work just fine.

(If you want to skip steps 1-3, you can also just change your form's
formid
and title, and that should avoid any issues with old data from earlier
attempts.)

Best,

Chris

On Tue, May 7, 2013 at 8:15 AM, Rwakazooba Ezra Aliija < rwakazooba@gmail.com wrote:

Hello Chris, Allyson and Waylon,

this has been the closes thread similar to the issue I am facing right
now
to decrypt a finalized form in odk brief case, for the record, I have
JCE 6
installed in the right jre location.

Also in my xls worksheet, my submissions_url reads" "
m16ezra.appspot.com/submission" with the respective public_key column
filled with the public key.

I created a public and primary key with openSSL as described
http://opendatakit.org/help/encrypted-forms/ however I get the
following
error when I use the private key created to decrypt the form:

"cause org.opendatakit.breifcase.model.CryptoException: error
decrypting
base64encryptedKey cause: javax.crypto.BadPaddingException:data hash
wrong
Failed! "

Any ideas what this means and how I could possible solve this.

Thanks.
Regards.
Ezra

On Wednesday, August 22, 2012 8:14:13 PM UTC+3, Allyson Barnett wrote:

Thanks for your response. We are pulling data directly from devices
so

that is what happened I think. I filed issue #670
http://code.google.com/p/**opendatakit/issues/detail?id=**670<
http://code.google.com/p/opendatakit/issues/detail?id=670>

On Sunday, August 19, 2012 7:05:35 PM UTC, Waylon Brunette wrote:

Also if you haven't already file an issue on our website about

changing the level of encryption. The problem is that we don't want
to

make it easy enough for someone to break. However you bring up good

points so file an issue so that ODK core team discusses how we might

address this.

Waylon

On Sun, Aug 5, 2012 at 11:29 PM, Christopher Robert chrisl...@gmail.com wrote:

ODKers,

In order for field staff to be able to download and decrypt data
using

Briefcase, they typically have to first install the Java
Cryptography

Extension (JCE) Unlimited Strength Jurisdiction Policy Files in
order

to

upgrade their JREs to support the key size used by ODK. If they
don't, they

are treated to an "illegal key size" exception upon attempting
decryption.

This has been a support headache and I am trying to devise a
longer-term

strategy that works around this problem.

One option would be to build a custom Briefcase installer that
installs the

necessary JCE files. However, my understanding is that this
installer

would

be subject to U.S. export restrictions. Thus, I am unsure of the
legality of

broadly distributing such an installer.

Another option would be to default ODK encryption to 128-bit and
allow an

option for stronger encryption. Perhaps some kind of option along
these

lines already exists? Ideally, you would be able to use stronger
encryption

in those contexts for which it is legal, and weaker in others.

Does anybody have any thoughts on this? One way or another I'd
like

to make

the process of deploying encrypted forms easier, and this JRE/JCE
issue is a

real hang-up. I can't imagine that I'm alone here.

Thanks,

Chris

--

Post: opend...@googlegroups.com

Unsubscribe: opendatakit...@**googlegroups.com

Options: http://groups.google.com/**group/opendatakit?hl=en<
http://groups.google.com/group/opendatakit?hl=en>

--
--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to opendatakit+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to a topic in the
Google Groups "ODK Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/opendatakit/-_i-Go4zIsw/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google
Groups "ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to a topic in the
Google Groups "ODK Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/opendatakit/-_i-Go4zIsw/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.