
formularium / formularium


Formularium is a FOSS, privacy-first, and user-friendly toolkit for municipalities to support them in making their public services available online.

Home Page: http://formularium.verdrusssache.de/

License: GNU General Public License v3.0

JavaScript 49.40% HTML 0.63% Vue 49.97%
forms public-services

formularium's Introduction

Formularium α

⚠️ Formularium is still under heavy development! If you are interested in learning more about formularium or even want to contribute, consider joining our Slack channel.

About

Formularium is a FOSS, privacy-first, and user-friendly toolkit for small to medium-sized municipalities (1-150k inhabitants) to support them in making their public services available online.

Why?: We feel that municipalities are a backbone to democracy but often are left behind when extending the democratic government to the digital world. We think that neither existing vendors nor the federal government provides the software components and the concepts needed to digitize municipalities’ processes.

So we decided to build open-source concepts and software to allow municipalities to develop their dynamic forms themselves.

Features

  • Form editor based on the visual programming language Blockly. This allows you to build almost any kind of validation/routing logic into your forms without writing a single line of code.
  • Security by Design with End-to-End encryption. Every form is PGP-encrypted before it is submitted to the backend. Only the administrative staff can decrypt form data locally.
  • Proof of transmission: The applicant gets a digitally signed receipt that the server has received their form.

High Level Architecture


Related Projects

Project setup

npm install

Compiles and hot-reloads for development

npm run serve

Compiles and minifies for production

npm run build

Run your tests

npm run test

Lints and fixes files

npm run lint

Customize configuration

See Configuration Reference.


formularium's Issues

Form submission and encryption

  • The server provides a list of public keys from the administrative staff that the applicant uses to encrypt the form's content.
  • The applicant submits the encrypted form to the server.
  • The server signs the form that has been submitted by the applicant together with the current timestamp and a list of the public keys of the administrative staff used for encryption and returns this signature to the applicant.
  • The applicant checks the signature received from the server.
  • The applicant generates a PDF Document which includes:
    • The submitted form in a human-readable way.
    • The submitted form, as a JSON object.
    • The submitted form, encrypted for the administrative staff as submitted to the server.
    • The signature received by the server.
    • All the public keys from the administrative staff that have been used for encryption
    • The public key of the server.

So the applicant can prove that they submitted this form with this specific content, encrypted with the public keys of the administrative staff provided by the server, to the server.
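The receipt check from the steps above, as an added example that is not part of the project's code: Ed25519 from Node's `crypto` module stands in for the PGP signature, and the payload layout, function names and sample values are assumptions made for illustration.

```javascript
// Added example: Ed25519 (Node crypto) stands in for the project's PGP
// signature; payload layout, names and sample values are constructed.
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Canonical bytes covered by the receipt signature: hash of the encrypted
// form, the timestamp, and the sorted fingerprints of the staff keys.
function receiptPayload(ciphertext, timestamp, staffPublicKeys) {
  const keys = staffPublicKeys.map(sha256).sort();
  return Buffer.from(JSON.stringify({ form: sha256(ciphertext), timestamp, keys }));
}

// Server side: sign what was received together with the time and key list.
function issueReceipt(serverPrivateKey, ciphertext, staffPublicKeys, timestamp) {
  const payload = receiptPayload(ciphertext, timestamp, staffPublicKeys);
  const signature = crypto.sign(null, payload, serverPrivateKey).toString('base64');
  return { timestamp, signature };
}

// Applicant side: rebuild the payload from the ciphertext and keys the
// applicant itself used, never from values echoed back by the server.
function verifyReceipt(serverPublicKey, receipt, ciphertext, staffPublicKeys) {
  const payload = receiptPayload(ciphertext, receipt.timestamp, staffPublicKeys);
  const signature = Buffer.from(receipt.signature, 'base64');
  return crypto.verify(null, payload, serverPublicKey, signature);
}

// Constructed sample data (placeholders, not real keys or form content).
const server = crypto.generateKeyPairSync('ed25519');
const staffKeys = ['STAFF-PUBLIC-KEY-A (placeholder)', 'STAFF-PUBLIC-KEY-B (placeholder)'];
const ciphertext = Buffer.from('constructed-ciphertext-bytes');
const receipt = issueReceipt(server.privateKey, ciphertext, staffKeys, '2024-01-01T12:00:00Z');

// Each field shows whether the receipt verifies against one variation.
function demo() {
  const laterReceipt = { ...receipt, timestamp: '2024-01-02T12:00:00Z' };
  return {
    valid: verifyReceipt(server.publicKey, receipt, ciphertext, staffKeys),
    tamperedForm: verifyReceipt(server.publicKey, receipt, Buffer.from('other'), staffKeys),
    swappedKeys: verifyReceipt(server.publicKey, receipt, ciphertext, [staffKeys[0], 'SUBSTITUTED-KEY']),
    otherTime: verifyReceipt(server.publicKey, laterReceipt, ciphertext, staffKeys),
  };
}
console.log(demo());
```

Because the signature covers the ciphertext hash, the timestamp and the key list together, a receipt cannot be reused for a different form, a different set of recipient keys or a different submission time.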

Proposal: Migration to x509 Certificates

What changes?
As a user, I want to use signed x509 certificates for encryption when submitting my forms. For Formularium, that means admins in the future will have the following two options:

  • using their own PKI infrastructure (e.g. Bundesdruckerei, …)
  • using letsencrypt fully integrated into formularium (as easy as our current PGP implementation)

Due to this step, we will also officially discontinue the electron desktop client in favor of the flutter one.

From a public services staff perspective, the main (internal) change is that now not a user but teams have access to encryption keys. That also means that newly added users (added by team managers) can access form data submitted before they started using formularium.
Internally, every team has an x509 certificate, and every user still has their PGP key. During the runtime of the desktop client, it downloads and decrypts the team's x509 private key that is encrypted for the PGP key of the user. The PGP key and the x509 private key are still generated locally, and only the x509 key is uploaded to the formularium backend in an encrypted way for each user who can access the key.

Why?
From the beginning, it was kind of clear that using user-based PGP keys can only be the first step in ensuring end-to-end encryption. Now, as fitconnect, hopefully soon the de facto standard for e2e encrypted communication between public services and citizens, becomes more and more concrete, I think it's time to start implementing it. And the first step would be to change from PGP to certificates.

WDYT?

Desktop client for administrative staff

As administrative staff I want to use a desktop client that allows me to:

  • Login via oauth2 Authorization Code Flow
    • add the refresh-token to the OS-Keychain with Keytar
  • setup encryption/decryption of forms
    • generate a new RSA-Key with a minimum length of 4096 and store it also into the Keychain.
    • add the public key automatically to the server
  • see a sortable list of stored forms, that can be decrypted by me.
  • open the forms and copy the content as
    • TEXT
    • JSON
    • PDF
    • XML
  • manage/revoke my own keys
  • generate new keys

Technically it's probably a good idea to build this as an electron app because of cross-platform, …

Blockly Context: autocompletion for the context attribute names

Because we are not generating JSON-Schema objects during runtime anymore, it should be super easy to integrate autocompletion into the getContext block.

  • autocompletion for json schema edited via the visual editor
  • autocompletion for imported json schema

Prototype for BPMN-based Form editor

We want to evaluate whether BPMN makes sense to use for designing complex form flows. Therefore we want to build a prototype to explore this possibility.

CONCEPT: user accounts

In the future, there should be a mobile app for applicants. This app would allow them to create an account by submitting a PGP public key and responding to a challenge that has to be signed by their public key. There should be an option to add an eID card as a second-factor authentication (maybe https://gitlab.com/adessoAG/FIDELIO/Documentation could be useful).

After setting up the account, the applicants can set up push notifications to get notified about new messages provided by the server.

Then applicants can submit their forms as before. But now there is a way to communicate between administrative staff and applicants PGP encrypted. And the server allows us to send push notifications/chat communication/…

Add an option to use external files in the forms editor

  • add an extra tab to the editor where files like
    • xDatenfelder schemas
    • json schema forms
    • lists
      • xDatenfelder genericode
      • csv
    • static assets like images and video
    • markdown
  • can be uploaded
  • can be previewed
  • can be used in the blockly editor

The browser's back button unexpectedly leaves a form instead of going one step back

When trying to return to a previous page in a form, using the 'back' function of the browser leaves the form entirely. Non-intuitive behavior can drive potential users away.

I just saw a tweet about this project, went to the demo and this was my only immediate nitpick. Great idea for a project and I hope it gets some adoption!

Replace openpgp.js with kbpgp.js

As openpgp.js becomes more and more of a pain to work with, I will first move formularium-desktop and soon also formularium itself to kbpgp.js.

  • replace in formularium-desktop
  • replace in formularium
