Version 4.0.0

After some pondering, procrastinating, planning, and development, LiberaForms now comes with End-to-end encryption built in. Yeah!

This means that form answers are only known by the participating parties. No leaks!

Everything E2EE happens on the client, and to achieve that LiberaForms imports OpenPGP.js, a library that fits our needs very well indeed.

As expected, private keys never leave the client, and users must take responsibility for the safekeeping of their key.

Because the server cannot read a form's encrypted answers, some form features are disabled, like sending confirmations via email. But apart from that, E2EE integration is seamless. :)

Encryption is enabled on a form-by-form basis. SysAdmins set the E2EE_MODE to make E2EE either optional, required, or disabled.

Enjoy!

User interface

Understanding E2EE can be challenging. We have tried to make PGP key management straightforward and unambiguous.

LiberaForms comes with:

  • A key pair creation wizard that guides the user through the process, with disclaimers.
  • An E2EE Demo. Fun to play with, but it also demonstrates E2EE basics so that the user may understand the importance of their private key.
  • A dialog that prompts the user when their private key and/or passphrase is required
  • A "Delete my keys on this browser" option to quickly secure the device

Enabling E2EE

  • The user must first create their personal key pair (only required once)
  • Then one click to enable answer encryption on a form-by-form basis

E2EE Answer sharing

We wanted to make sharing encrypted data as practical as possible, and we like the technique we settled on very much. Thank you @evilham!

Other goodies

  • Files uploaded via the form are also end-to-end encrypted!
  • A combination of local and session storage to manage keys on the browser for ease of use
  • Example script to decrypt answers retrieved via the API (see Inline help)

Thanks

This release was, in part, supported by NLnet under the NGI Assure programme. Thank you very much. :)

This is a major milestone for LiberaForms, and represents a notable step forward to providing ethical free form software for all!

Upgrade from v3.*.*

Modify your .env file

# Configure End to End Encrypted forms on this installation.
# Only affects new forms:
# To disable E2EE on this installation:
#E2EE_MODE=DISABLED

# To have E2EE available, but not enabled by default on this installation
# Users may enable E2EE on a form to form basis:
# (this is the default)
#E2EE_MODE=AVAILABLE

# To have E2EE available and enabled by default on this installation
# Users may decline E2EE on a form to form basis:
#E2EE_MODE=ENABLED_BY_DEFAULT

# To have E2EE required on this installation, and disable creating unencrypted forms:
#E2EE_MODE=REQUIRED

Choose an E2EE_MODE and add it to the .env file.
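
A pre-flight check for this step, as an added example that is not part of LiberaForms: it reports the E2EE_MODE a given .env file would set and rejects values outside the four listed above. The function name `e2ee_mode_check` is hypothetical, and the parsing rules (last active line wins, case-sensitive values, unset means AVAILABLE) are assumptions about how the file is read.

```shell
#!/bin/sh
# Added example (not LiberaForms code): pre-flight check of E2EE_MODE in .env.
# Assumptions: the last active assignment wins, values are case-sensitive,
# and a missing setting means the default documented above (AVAILABLE).

# Print the effective mode on stdout, diagnostics on stderr.
# Returns 0 = valid, 1 = unknown value, 2 = file not readable.
e2ee_mode_check() {
    env_file=$1
    pattern='^[[:space:]]*E2EE_MODE[[:space:]]*='
    if [ ! -r "$env_file" ]; then
        echo "cannot read $env_file" >&2
        return 2
    fi
    # Lines beginning with '#' do not match, so commented options are skipped.
    count=$(grep -c "$pattern" "$env_file" || true)
    if [ "$count" -eq 0 ]; then
        echo "E2EE_MODE not set, default applies" >&2
        echo AVAILABLE
        return 0
    fi
    if [ "$count" -gt 1 ]; then
        echo "warning: $count active E2EE_MODE lines, using the last" >&2
    fi
    # Take the last assignment, drop CRs and trailing blanks.
    mode=$(sed -n "s/${pattern}[[:space:]]*//p" "$env_file" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//')
    # Strip one pair of surrounding quotes, if present.
    case $mode in
        \"*\") mode=${mode#\"}; mode=${mode%\"} ;;
        \'*\') mode=${mode#\'}; mode=${mode%\'} ;;
    esac
    case $mode in
        DISABLED|AVAILABLE|ENABLED_BY_DEFAULT|REQUIRED)
            echo "$mode" ;;
        *)
            echo "invalid E2EE_MODE value: '$mode'" >&2
            return 1 ;;
    esac
}

# Constructed sample .env: two commented options and one active line.
sample=$(mktemp)
printf '%s\n' '#E2EE_MODE=DISABLED' '#E2EE_MODE=AVAILABLE' \
    'E2EE_MODE=REQUIRED' > "$sample"
e2ee_mode_check "$sample"    # prints REQUIRED
rm -f "$sample"
```

Run it against the real file with `e2ee_mode_check ./.env` before restarting the supervisor processes; a non-zero return means the value is not one of the documented modes.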

Stop LiberaForms

sudo supervisorctl stop liberaforms
sudo supervisorctl stop liberaforms-logs

Fetch version 4.0.0

git fetch origin tag v4.0.0 --no-tags
git checkout v4.0.0 -b v4.0.0
cat VERSION.txt

Upgrade Python packages (not required if upgrading from v3.5.0 or later)

source ./venv/bin/activate
pip install --upgrade pip
pip install -r ./requirements.txt

Upgrade the database schema to 257a4f31751b (not required if upgrading from v3.5.0 or later)

flask db upgrade

See the installed versions

flask site get-versions

Restart the supervisor processes.

sudo supervisorctl start liberaforms-logs
sudo supervisorctl start liberaforms

Other

Just in case you missed it, with v3.2.0 we added client_max_body_size to the web server config. Please make sure you've adjusted your configuration.