Decryption of downloaded data
✋This page applies to Red Pill version 26 and earlier. For Red Pill version 27 and later you must use the decrypt option on the downloads page.
If a form has encrypted fields, the download will contain the values of these fields in an encrypted format. An example of a CSV file where the date of birth has been encrypted is shown below.
To decrypt this data, you will need the password (from Sealed Envelope support) and you should visit our decryption page to easily decrypt downloads. Make sure you pick the correct Red Pill version or the decryption will not work correctly.
Manual alternative (not recommended)
Alternatively you can use a decryption tool, such as OpenSSL, that can decrypt AES-256. You will also need to extract the encrypted field column into a new file so that the only data on each line is the contents of the encrypted field. You can do this by, for instance, copying and pasting the encrypted column into a text file:
Encrypted column pasted into file dob-encrypted.txt
Once you have obtained the decrypted data, you will probably want to paste it into a new column in the CSV file to allow it to be associated again with the other subject data.
On Windows, we recommend installing OpenSSL for Windows. It's easiest to create a new folder and copy the
openssl.exe file from the download into this new folder. Next, create a batch file by copying and pasting the following code into a text document using Notepad or similar, and save it as
se-decrypt.cmd in the same directory as the
REM Sealed Envelope batch file to decrypt data using openSSL AES 256
REM Input file is assumed to contain one encrypted item per line
if not exist "%filepath%" (
echo %~n0: file not found - %filepath% >&2
exit /B 1
set /P passwd="Password: "
echo Decryption of %filepath% at %DATE% > decrypted.txt
for /F "tokens=*" %%i in (%filepath%) do @echo %%i | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:%passwd% >> decrypted.txt
You must run the batch file from the Command Prompt - you should find this somewhere in your Start menu. You need to use the
cd command to move into the folder that contains the
openssl.exe file and your encrypted data file. You can use the
dir command to see the contents of the current folder. Once you are in the correct folder, type the command:
dob-encrypted.txt is the name of the file containing the encrypted data. Running this command will ask for the password and create (or overwrite) the file
decrypted.txt . Screenshots for doing this are shown below.
Moving to the correct folder and running the se-decrypt command
Contents of the decryption folder after decryption
Viewing the decrypted data
On macOS, you can use the built-in OpenSSL or install it using Homebrew. You will need to open the Terminal to type the relevant commands. In the example below, the encrypted data is assumed to be in a file called dob-encrypted.txt on the Desktop. A decrypted file is created called dob-decrypted.txt using the password super-secret. Obviously, you should change these parts to reflect your file names and password.
$ cd Desktop
$ cat dob-encrypted.txt
$ while read in; do echo "$in" | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:super-secret; done < dob-encrypted.txt > dob-decrypted.txt
$ cat dob-decrypted.txt
cd command is used to move to the folder where the encrypted file is held. You can use the list command
ls to view files in the current folder. The
cat command shows the contents of a file. The decryption is carried out with the command:
while read in; do echo "$in" | openssl enc -aes-256-cbc -d -a -md sha512 -pbkdf2 -iter 100000 -pass pass:super-secret; done < dob-encrypted.txt > dob-decrypted.txt
which you should adapt to use your own password and file names.