1. Generate an RSA
Before you can use MeringueMail to encrypt forms you need an RSA key pair. The key pair consists of two keys: a public key that is used to encrypt your forms and a private key that you keep to decrypt the forms. This key pair is generated using the MeringueMail client.
You must specify your name, an e-mail address, a password that will protect your key and how long you want the key to be (as shown below). Your key should be either 1024 or 1536 bits long.
The generated public key is shown below. A "key identifier" is associated with each key generated. The key ID for this key is "4591f672...". The private key needed for decryption is not shown.
2. Export your RSA Public Key
recipients.length ] = "Ernest Hammingweight";
publicKeys[ publicKeys.length ] = "badaf4b55185d8aeeba1ecf52e6ff0c5d720c6782a0992e78a70310122d1017e
keyIds[ keyIds.length ] = "4591f6729cb41117476f7393df4f1572f2b950cf";
emailAddresses[ emailAddresses.length ] = "hammingweight#fastmail.fm";
3. Create your Form
After generating your key, you can create your form. The HTML below creates a simple (and rather stupid) form. The form has the name "survey".
4. Visitors complete your Form
When visitors visit your web site they will be able to complete your form. The screen shot below shows the form corresponding to the HTML above. The inclusion of the MeringueMail code does not change the way the form is rendered.
When the form is submitted it is encrypted. If you use Response-O-Matic to process your forms, your visitors will see the encrypted form contents as shown below (the encrypted data will be different every time even if they submit exactly the same data). The form name is not encrypted and the hexadecimal digits correspond directly to ASCII characters in the form name. The key ID (4591f672...) is submitted along with the form so that the MeringueMail client will know which key to use to decrypt the form.
If you don't like the way Response-O-Matic displays the submitted form, you should consider the Bravenet form processor. In that case you can create your own page to tell visitors that their form has been submitted. The default "thank you" page is as below.
5. Retrieve the Forms from your
The MeringueMail client lets you log onto your mail server and retrieve your e-mails. Only MeringueMails will be removed from the server; other e-mails will be left on the server.
The forms are then downloaded. The image below shows one MeringueMail in the "Inbox". The contents field shows that the submitted form has the name "survey".
6. Decrypt and read your
To open and read the submitted form, you will need to supply the password protecting your RSA private key (see below). If you forget your password you will not be able to read your MeringueMails.
The following screenshot below shows the successfully decrypted form.
Go to the main MeringueMail page.
Go to the page explaining how to store decrypted forms in a database.