Briefcase CLI - Password/Pem during export of project level encrypted data

getodk / central

ODK Central is a server that is easy to use, very fast, and stuffed with features that make data collection easier. Contribute and make the world a better place! ✨🗄✨

https://docs.getodk.org/central-intro/

Apache License 2.0

125 stars 151 forks source link

Briefcase CLI - Password/Pem during export of project level encrypted data #174

Closed chrissyhroberts closed 3 years ago

chrissyhroberts commented 4 years ago

Software versions

Briefcase v1.17.4

Problem description

Working with a project level encrypted data set on ODK Central that has been downloaded through ODK Briefcase, the ODK Briefcase CLI appears to have no method to export data as there is no PEM file for the data set and no option for entering a decryption passphrase.

Steps to reproduce the problem

Create a project level encrypted dataset Download with Briefcase and try to export

Expected behavior

No cypher warning

lognaturel commented 4 years ago

Briefcase was created to overcome some of Aggregate's limitations. With Central, our goal is that Briefcase shouldn't be necessary. In the case of project-level encryption, it's currently only possible to decrypt when pulling a full zip data export. We tried to be detailed about what is and isn't possible with project-level encryption at https://docs.getodk.org/central-encryption/ but I realize we didn't explicitly say that Briefcase can't be used with it. I'll make sure that's added.

From a security standpoint, going directly through Central is preferred because the private key never exists anywhere.

Can you describe why you would like to use Briefcase? Is it because it's such a major part of your existing processes? Or is there some limitation you've run into going directly through Central?

You do always have the option of continuing to include a public key in your form definition if that is better for your processes.

chrissyhroberts commented 4 years ago

Sorry for delay in responding to this.

I think that the motivating factor for me is the ability to perform automation, which at present means briefcase + Bash + R or similar setup. The OData system seems like a great way to pipe data directly from Central to R, which can handle downstream analysis, but the OData pipe doesn't work with the project level encryption.

Ideally, we'd be able to obtain a token of some sort from project level encryption (like something that only works on a specific machine, or even just to export a pem file from Central) that allows automated pull & decrypt actions using either OData or Briefcase.

Workaround still remains as you say to use form level encryption, so as long as that option remains in to the future, I think it is perfectly functional to keep doing that.

lognaturel commented 3 years ago

This is more about rethinking how Central makes project-level encrypted data available so I've moved the issue. It's not immediately actionable so I'll close it for now but it will be available through search. Thanks for detailing what you need and why, @chrissyhroberts.

We'll also make sure the docs are augmented -- https://github.com/getodk/docs/issues/1229