Request for Example of Encrypted Data in CommCare

Users
1

Hi Community,

I'm trying to understand how CommCare encrypts data during transmission. Could someone share an image example of what encrypted (unreadable) data looks like when captured or intercepted? This is just for educational purposes, and I don't need any actual sensitive information—just a visual example.

Thank you for your help!

Best,

2

Hi Swe,

Thanks for reaching out!

All data transfers to and from the Dimagi server, including on web or mobile, will be conducted over industry standard hypertext transfer protocol secure transmission encryption (HTTPS). HTTPS is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer.

With HTTPS, traffic is encrypted such that even if the packets are sniffed or otherwise intercepted, they will come across as nonsensical characters. Here's an example:

Before Encryption:

This is a string of text that is completely readable

After Encryption:

ITM0IRyiEhVpa6VnKyExMiEgNveroyWBPlgGyfkflYjDaaFf/Kn3bo3OfghBPDWo6AfSHlNtL8N7ITEwIXc1gU5X73xMsJormzzXlwOyrCs+9XCPk63Y+z0=

This type of security system uses two different keys to encrypt communications between two parties:

  1. The private key - this key is controlled by the owner of a website and it’s kept, as the reader may have speculated, private. This key lives on a web server and is used to decrypt information encrypted by the public key.
  2. The public key - this key is available to everyone who wants to interact with the server in a way that’s secure. Information that’s encrypted by the public key can only be decrypted by the private key.

I hope this sheds some light on how we securely handle data transmissions on our platform. If you have any other questions, please do not hesitate to ask!

Best,

Kaleb
CommCare Support

2 Likes
3

Dear Kaleb,

Thank you so much for your explanation.

Best,
Swe