Decryption in ODK Briefcase not working

What is the problem? Please be detailed.
When decrypting forms using ODK Briefcase, I encounter the following error message:

Starting Export...
Processing instance: uuidb09a0688-34e4-4b60-8a4a-f59905f1e153
Error decrypting submission uuidb09a0688-34e4-4b60-8a4a-f59905f1e153 Cause: org.opendatakit.briefcase.model.CryptoException: Error decrypting base64EncryptedKey Cause: javax.crypto.BadPaddingException: data hash wrong skipping....
FAILED!

I've gone through relevant topics on the old forum, and none of the issues raised (out-dated version of Collect, duplicated forms, forms not being finalised, badly generated keys) seem relevant. I've also generated public and private keys on both a Mac and PC and still the above error is happening.

The forms are completing fine, and being sent to the server fine (as well as being pulled from the server, via Briefcase, without issue). The problem is when trying to decrypt them.

What ODK tool and version are you using? And on what device and operating system version?

ODK Collect v1.8.1, ODK Briefcase v1.6.0, ODK Aggregate installed via AppSpot

What steps can we take to reproduce the problem?

Happy to provide the form and public/private keys - this is just a test run.

What you have you tried to fix the problem?

Generated new keys; tried new versions of the form; deleted the '---' at the start and end of the private key (the guidance on the ODK site mentions to only do this for the public key). Still no joy.

Anything else we should know or have? If you have a test form or screenshots or logs, attach here.

As above, happy to upload files!

And what OS are you using to decrypt?

Hi Yaw,

Apologies, I should have mentioned that. I've tried both Mac (OS 10.11.16) and Windows (Version 7 Professional - Service Pack 1).

Thanks,

Calum

I just tested decryption on my build of ODK Briefcase v1.7.0 on macOS 10.12.6 running Java 1.8.0_131 and it worked, so my guess is that it's an issue with your computer or your keys.

Testing your computer

I have an encrypted form at https://nafundi-test.appspot.com. Use your copy of Briefcase to connect to it using username:test, password:test as credentials. Export and use the following private key and see if that works.
private_key.txt (1.6 KB)

If that fails, then there is an issue with your computer. My guess is that you don't have the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (great name, right?) installed. See the configuration page at https://opendatakit.org/help/encrypted-forms for how to do that.

Testing your keys
And here is the form and public key, so you can compare against yours.
encrypted_form.xml (1.4 KB)
public_key.txt (451 Bytes)

Hi Yaw,

Many thanks for this, and apologies for the delay in replying.

Your form works perfectly, which highlights an issue with the computers I've been using (despite both having the JCE kit installed!). I'll dig a bit deeper to see where the issue is.

Also, I noticed that your keys are .txt files. I've kept mine as .pem files. Similarly, you didn't delete the ----Public/Private Key---- header/footer from each file (whereas I did). Are either of these requirements at all?

Best,

Calum

I don't think .txt vs .pem makes a difference. I just do that so I can easily open those files in my text editor.

I believe the headers do make a difference. Or rather, I remember that deleting the headers from the private key threw exceptions in decryption. Try putting those headers back in your private key.

Hi Yaw,

Thanks for the guidance, I'll give it a try.

Best,

Calum