# PGP Encryption

With [PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) encryption, a public and private key pair is used to protect your data or files. The public key is used to encrypt the data, and only the person holding the private key and its passphrase is able to decrypt it. PGP encryption is used for any data that has been [classified](https://docs.ngsurvey.com/data-encryption/data-classification) as [restricted](https://docs.ngsurvey.com/data-encryption/data-classification/restricted).

{% hint style="info" %}
You may easily generate your own PGP key pairs using a free online tool like <https://pgpkeygen.com/>
{% endhint %}

## 🚀 Enable PGP encryption

To enable PGP encryption, you need to set a PGP public key on your survey. You may set a different PGP public key for each of your surveys, which adds an additional layer of security.

You may set your public PGP key in the [survey security](https://docs.ngsurvey.com/form-management/form-designer/form-settings/survey-security) tab. Once you have entered your public key, you can select the [restricted](https://docs.ngsurvey.com/data-encryption/data-classification/restricted) data classification to encrypt newly created survey respondents, text-based answers or campaigns.

![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M8fLhS0bmfBRyq0HdUm%2F-MI2nlOhuXZmq9OGAZ_y%2F-MI2o1Wrf8AvzyGzijHX%2Fimage.png?alt=media\&token=9f886af8-67d7-4107-843a-8c9bb2600c70)

## 🔒 Decrypting the data

PGP-encrypted data can be decrypted either locally, by [exporting the respondents](https://docs.ngsurvey.com/form-management/data-export) and using a PGP decryption tool on your machine such as [Gpg4win](https://www.gpg4win.org/), or on demand through the administration interface, using our PGP decryption tool and your private key.

## 🔓 On-demand decryption

On-demand decryption lets you enter your private PGP key to decrypt the data from the ngSurvey administration interface.

<div align="center"><img src="https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M8fLhS0bmfBRyq0HdUm%2F-MI2w1nmEWbCwCxwWYUb%2F-MI2wA7JLQrSSaX-h4X2%2Fimage.png?alt=media&#x26;token=a6a1d501-a415-4f78-a1d9-9089157a7500" alt="You may enable the on-demand decryption using key lock icon"></div>

On-demand decryption keeps your private key alive in the browser memory for 5 minutes, after which the key is cleared and the data is automatically obfuscated again.

{% hint style="warning" %}
Your private key IS NOT stored permanently anywhere. Note, however, that for some operations ngSurvey may need to send the key to your server to decrypt the data. Even in that case, the key is never stored anywhere on the server and is only used for the duration of the operation. Make sure that SSL is enabled on your server if you wish to use that option.
{% endhint %}

Here is an example of a survey with [restricted](https://docs.ngsurvey.com/data-encryption/data-classification/restricted) encrypted field answers that can be decrypted using on-demand decryption.

![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M8fLhS0bmfBRyq0HdUm%2F-MI2xebVVVJenDi9Oc3J%2F-MI2xsYbGWgk5kHW1Dv3%2Fcaptured%20\(41\)-min.gif?alt=media\&token=6c720ace-46f8-46ca-870d-ed6e545f5e45)

{% hint style="info" %}
You can change the default 5-minute key-clearing timeout by setting the **NGSurvey:DecryptTimeout** environment variable to the number of minutes of your choice. For security reasons, we strongly suggest not setting a high timeout.
{% endhint %}
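
The timed key clearing described in this section can be pictured with the following added example, which is not ngSurvey's own code: a hypothetical `TimedKeyHolder` keeps the key bytes in memory, zeroes them when the timeout elapses and calls a hypothetical `onClear` hook at the point where a page would obfuscate the data again. The `timeoutMinutes` and `timers` parameters are assumptions made for the illustration.

```javascript
// Added illustration; not ngSurvey code. Every name below is hypothetical.
const DEFAULT_TIMEOUT_MINUTES = 5; // default stated in this documentation

class TimedKeyHolder {
  // onClear runs when the key is wiped; timers is injectable for testing.
  constructor({
    timeoutMinutes = DEFAULT_TIMEOUT_MINUTES,
    onClear = () => {},
    timers = {
      setTimeout: (fn, ms) => setTimeout(fn, ms),
      clearTimeout: (id) => clearTimeout(id),
    },
  } = {}) {
    if (!Number.isFinite(timeoutMinutes) || timeoutMinutes <= 0) {
      throw new RangeError("timeoutMinutes must be a positive number");
    }
    this.timeoutMs = timeoutMinutes * 60 * 1000;
    this.onClear = onClear;
    this.timers = timers;
    this.keyBytes = null;
    this.timerId = null;
  }

  // Keep the armored key as bytes: this copy can be overwritten on expiry,
  // unlike the caller's immutable string, which is left to garbage collection.
  load(armoredKey) {
    this.clear();
    this.keyBytes = new TextEncoder().encode(armoredKey);
    this.timerId = this.timers.setTimeout(() => this.clear(), this.timeoutMs);
  }

  isLoaded() { return this.keyBytes !== null; }

  // Run fn with the key while it is held; fail closed once it has been cleared.
  withKey(fn) {
    if (this.keyBytes === null) throw new Error("private key cleared");
    return fn(this.keyBytes);
  }

  // Cancel the timer, zero the buffer, drop the reference, notify the UI.
  clear() {
    if (this.timerId !== null) this.timers.clearTimeout(this.timerId);
    this.timerId = null;
    if (this.keyBytes === null) return;
    this.keyBytes.fill(0);
    this.keyBytes = null;
    this.onClear();
  }
}
```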
