Decryption of downloaded data

This page applies to Red Pill version 26 and earlier. For Red Pill version 27 and later you must use the decrypt option on the downloads page.

If a form has encrypted fields, the download will contain the values of these fields in an encrypted format. An example of a CSV file where the date of birth has been encrypted is shown below.

Encrypted field contents in downloaded CSV file

To decrypt this data, you will need the password (from Sealed Envelope support) and you should visit our decryption page to easily decrypt downloads. Make sure you pick the correct Red Pill version or the decryption will not work correctly.

Manual alternative (not recommended)

Alternatively you can use a decryption tool, such as OpenSSL, that can decrypt AES-256. You will also need to extract the encrypted field column into a new file so that the only data on each line is the contents of the encrypted field. You can do this by, for instance, copying and pasting the encrypted column into a text file:

U2FsdGVkX18BH/rs5o6X635KFSi26/5epe+hdfD0gH8=
U2FsdGVkX1+rbukCo7HxKWb/Vdv/1uLJDaQY4RW4lCM=
U2FsdGVkX1+vKpmwQVOrDDDViSSQFMHJ+wOAkJB4PEg=
U2FsdGVkX1/NChFlM5hl297WVjM7nrhqHOXdUwlA4nE=
U2FsdGVkX18DYFOIOvZsuJHraQMzDzyoWbrTpT8rcO0=

Encrypted column pasted into file dob-encrypted.txt

Once you have obtained the decrypted data, you will probably want to paste it into a new column in the CSV file to allow it to be associated again with the other subject data.

Windows

On Windows, we recommend installing OpenSSL for Windows. It's easiest to create a new folder and copy the openssl.exe file from the download into this new folder. Next, create a batch file by copying and pasting the following code into a text document using Notepad or similar, and save it as se-decrypt.cmd in the same directory as the openssl.exe file.

@echo off

REM Sealed Envelope batch file to decrypt data using openSSL AES 256
REM Input file is assumed to contain one encrypted item per line

set filepath=%~f1

if not exist "%filepath%" (
  echo %~n0: file not found - %filepath% >&2
  exit /B 1
)

set /P passwd="Password: "
echo Decryption of %filepath% at %DATE% > decrypted.txt
for /F "tokens=*" %%i in (%filepath%) do @echo %%i | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:%passwd% >> decrypted.txt

se-decrypt.cmd

You must run the batch file from the Command Prompt - you should find this somewhere in your Start menu. You need to use the cd command to move into the folder that contains the openssl.exe file and your encrypted data file. You can use the dir command to see the contents of the current folder. Once you are in the correct folder, type the command:

se-decrypt.cmd dob-encrypted.txt

where dob-encrypted.txt is the name of the file containing the encrypted data. Running this command will ask for the password and create (or overwrite) the file decrypted.txt . Screenshots for doing this are shown below.

Moving to the correct folder and running the se-decrypt command

Contents of the decryption folder after decryption

Viewing the decrypted data

Mac

On macOS, you can use the built-in OpenSSL or install it using Homebrew. You will need to open the Terminal to type the relevant commands. In the example below, the encrypted data is assumed to be in a file called dob-encrypted.txt on the Desktop. A decrypted file is created called dob-decrypted.txt using the password super-secret. Obviously, you should change these parts to reflect your file names and password.

$ cd Desktop
$ cat dob-encrypted.txt
U2FsdGVkX18BH/rs5o6X635KFSi26/5epe+hdfD0gH8=
U2FsdGVkX1+rbukCo7HxKWb/Vdv/1uLJDaQY4RW4lCM=
U2FsdGVkX1+vKpmwQVOrDDDViSSQFMHJ+wOAkJB4PEg=
U2FsdGVkX1/NChFlM5hl297WVjM7nrhqHOXdUwlA4nE=
U2FsdGVkX18DYFOIOvZsuJHraQMzDzyoWbrTpT8rcO0=
$ while read in; do echo "$in" | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:super-secret; done < dob-encrypted.txt > dob-decrypted.txt
$ cat dob-decrypted.txt
04/08/1997
11/08/1920
19/02/1987
10/10/1980
10/10/1980
$

The cd command is used to move to the folder where the encrypted file is held. You can use the list command ls to view files in the current folder. The cat command shows the contents of a file. The decryption is carried out with the command:

while read in; do echo "$in" | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:super-secret; done < dob-encrypted.txt > dob-decrypted.txt

which you should adapt to use your own password and file names.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles